CVE-2023-33201 (GCVE-0-2023-33201)
Vulnerability from cvelistv5 – Published: 2023-07-05 00:00 – Updated: 2024-12-04 15:48 – n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:39:35.708Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bouncycastle.org"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/bcgit/bc-java/commit/e8c409a8389c815ea3fda5e8b94c92fdfe583bcc"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201"
},
{
"name": "[debian-lts-announce] 20230802 [SECURITY] [DLA 3514-1] bouncycastle security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00000.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230824-0008/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33201",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-04T15:47:56.732893Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-04T15:48:15.487Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate\u0027s Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-24T18:06:18.676Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://bouncycastle.org"
},
{
"url": "https://github.com/bcgit/bc-java/commit/e8c409a8389c815ea3fda5e8b94c92fdfe583bcc"
},
{
"url": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201"
},
{
"name": "[debian-lts-announce] 20230802 [SECURITY] [DLA 3514-1] bouncycastle security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00000.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230824-0008/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-33201",
"datePublished": "2023-07-05T00:00:00.000Z",
"dateReserved": "2023-05-18T00:00:00.000Z",
"dateUpdated": "2024-12-04T15:48:15.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-33201",
"date": "2026-05-29",
"epss": "0.00326",
"percentile": "0.55795"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-33201\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2023-07-05T03:15:09.197\",\"lastModified\":\"2024-11-21T08:05:06.870\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate\u0027s Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-295\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.74\",\"matchCriteriaId\":\"93E9273D-E54C-43EF-8822-39FA3C2834E0\"}]}]}],\"references\":[{\"url\":\"https://bouncycastle.org\",\"source\":\"cve@mitre.org\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/bcgit/bc-java/commit/e8c409a8389c815ea3fda5e8b94c92fdfe583bcc\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/bcgit/bc-java/wiki/CVE-2023-33201\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/08/msg00000.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20230824-0008/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://bouncycastle.org\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/bcgit/bc-java/commit/e8c409a8389c815ea3fda5e8b94c92fdfe583bcc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/bcgit/bc-java/wiki/CVE-2023-33201\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/08/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20230824-0008/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://bouncycastle.org\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/bcgit/bc-java/commit/e8c409a8389c815ea3fda5e8b94c92fdfe583bcc\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/bcgit/bc-java/wiki/CVE-2023-33201\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/08/msg00000.html\", \"name\": \"[debian-lts-announce] 20230802 [SECURITY] [DLA 3514-1] bouncycastle security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230824-0008/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T15:39:35.708Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-33201\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-12-04T15:47:56.732893Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-12-04T15:48:11.022Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://bouncycastle.org\"}, {\"url\": \"https://github.com/bcgit/bc-java/commit/e8c409a8389c815ea3fda5e8b94c92fdfe583bcc\"}, {\"url\": \"https://github.com/bcgit/bc-java/wiki/CVE-2023-33201\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/08/msg00000.html\", \"name\": \"[debian-lts-announce] 20230802 [SECURITY] [DLA 3514-1] bouncycastle security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230824-0008/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate\u0027s Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2023-08-24T18:06:18.676012\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-33201\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-12-04T15:48:15.487Z\", \"dateReserved\": \"2023-05-18T00:00:00\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2023-07-05T00:00:00\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
RHSA-2023:7488
Vulnerability from csaf_redhat - Published: 2023-11-24 16:57 - Updated: 2026-04-30 13:11

A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled correctly in Keycloak. An attacker can shadow other users with the same email and lockout or impersonate them.

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat Single Sign-On 7 (Red Hat / Red Hat Single Sign-On) | cpe:/a:redhat:red_hat_single_sign_on:7.6.6 | — | Vendor Fix (fix) |
A flaw was found in Bouncy Castle 1.73. This issue targets the fix of LDAP wild cards. Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wild card may lead to information disclosure. This could allow a malicious user to obtain unauthorized information via blind LDAP Injection, exploring the environment and enumerating data. The exploit depends on the structure of the target LDAP directory as well as what kind of errors are exposed to the user.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat Single Sign-On 7 (Red Hat / Red Hat Single Sign-On) | cpe:/a:redhat:red_hat_single_sign_on:7.6.6 | — | Vendor Fix (fix) |
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat Single Sign-On 7 (Red Hat / Red Hat Single Sign-On) | cpe:/a:redhat:red_hat_single_sign_on:7.6.6 | — | Vendor Fix (fix); Workaround |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.6 serves as a replacement for Red Hat Single Sign-On 7.6.5, and includes bug fixes and enhancements.\n\nSecurity Fix(es):\n\n* undertow: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n* netty-codec-http2: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n* bouncycastle: potential blind LDAP injection attack using a self-signed certificate (CVE-2023-33201)\n* keycloak: impersonation and lockout possible through incorrect handling of email trust (CVE-2023-0105)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:7488",
"url": "https://access.redhat.com/errata/RHSA-2023:7488"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.rhsso\u0026downloadType=patches\u0026version=7.6",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.rhsso\u0026downloadType=patches\u0026version=7.6"
},
{
"category": "external",
"summary": "2158910",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158910"
},
{
"category": "external",
"summary": "2215465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215465"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_7488.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.6 security update",
"tracking": {
"current_release_date": "2026-04-30T13:11:45+00:00",
"generator": {
"date": "2026-04-30T13:11:45+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.7"
}
},
"id": "RHSA-2023:7488",
"initial_release_date": "2023-11-24T16:57:47+00:00",
"revision_history": [
{
"date": "2023-11-24T16:57:47+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-11-24T16:57:47+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-30T13:11:45+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Single Sign-On 7",
"product": {
"name": "Red Hat Single Sign-On 7",
"product_id": "Red Hat Single Sign-On 7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6.6"
}
}
}
],
"category": "product_family",
"name": "Red Hat Single Sign-On"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Willem Noort"
],
"organization": "Inverid",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2023-0105",
"cwe": {
"id": "CWE-841",
"name": "Improper Enforcement of Behavioral Workflow"
},
"discovery_date": "2022-11-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2158910"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled correctly in Keycloak. An attacker can shadow other users with the same email and lockout or impersonate them.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: impersonation and lockout possible through incorrect handling of email trust",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-0105"
},
{
"category": "external",
"summary": "RHBZ#2158910",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158910"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-0105",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0105"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0105",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0105"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-c7xw-p58w-h6fj",
"url": "https://github.com/advisories/GHSA-c7xw-p58w-h6fj"
}
],
"release_date": "2023-01-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-24T16:57:47+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Single Sign-On 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7488"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: impersonation and lockout possible through incorrect handling of email trust"
},
{
"cve": "CVE-2023-33201",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2023-06-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2215465"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Bouncy Castle 1.73. This issue targets the fix of LDAP wild cards. Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wild card may lead to information disclosure. This could allow a malicious user to obtain unauthorized information via blind LDAP Injection, exploring the environment and enumerating data. The exploit depends on the structure of the target LDAP directory as well as what kind of errors are exposed to the user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bouncycastle: potential blind LDAP injection attack using a self-signed certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-33201"
},
{
"category": "external",
"summary": "RHBZ#2215465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215465"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-33201",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33201"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201"
},
{
"category": "external",
"summary": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201",
"url": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201"
}
],
"release_date": "2023-06-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-24T16:57:47+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Single Sign-On 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7488"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bouncycastle: potential blind LDAP injection attack using a self-signed certificate"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-24T16:57:47+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Single Sign-On 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7488"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"Red Hat Single Sign-On 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2023:7669
Vulnerability from csaf_redhat - Published: 2023-12-06 22:07 - Updated: 2026-04-30 13:13

A flaw was found in Vert.X Web. When running the application that serves files using StaticHandler on Windows Operating Systems and Windows File Systems, if the mount point is a wildcard (*), an attacker can exfiltrate any class path resource.

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:5138e1feda1fd225914b9705f3cd88525b783ada5f672c20392abf003bd334c7_amd64 | | — | Vendor Fix (fix) |
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:7cbc39b1a3b490b3118980e9fbff1aeba74705e435eaa3d6ba75f39a86a924d4_arm64 | | — | Vendor Fix (fix) |
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:90e788b71753d6a569f5907c8cb1e8f2633a11ed4f9f3df1bcbba6ab9c9110e7_arm64 | | — | Vendor Fix (fix) |
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:ca23f4944519260549274d79c3cfda72bee9dbad380218cacea9fbc055ed3420_amd64 | | — | Vendor Fix (fix) |
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:1b8dfb006d0c449350b5683c9ac3576ab0256a9c7c1a068a8486bfb717d0b7ed_amd64 | | — | Vendor Fix (fix) |
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:7130279b46d9546449494e613dea6c53390c6ee3e2e894d4f89583182e58bc98_arm64 | | — | Vendor Fix (fix) |
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:1c9fe1c25eb9f3e7501c8f065f2248e5e46bba17849b2b760198490dc7f94428_amd64 | | — | Vendor Fix (fix) |
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:3f179ccc29afd98d882dbbb90954cab6b34f23db8110663264d7b3de94b32d36_arm64 | | — | Vendor Fix (fix) |
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:0e11667c5eeac5bed4f636f056f248d101d45b4b840efc55e636410f4865bcd2_arm64 | | — | Vendor Fix (fix) |
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:ab2ecd8c68bfe794bb26efab1fdeadb2015efc4a827d4c45cb1b16133288ce4f_amd64 | | — | Vendor Fix (fix) |
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:492a3d8ed08d3b385665c93071fa6c3a1e5e4389b6d0780ef0014ffebfa61415_amd64 | | — | Vendor Fix (fix) |
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:70ee85830ebc5d89ba87d301d3731cbafa89247a3b2c23667aaa123e710cb90b_arm64 | | — | Vendor Fix (fix) |
A flaw was found in Bouncy Castle 1.73. This issue targets the fix of LDAP wild cards. Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wild card may lead to information disclosure. This could allow a malicious user to obtain unauthorized information via blind LDAP Injection, exploring the environment and enumerating data. The exploit depends on the structure of the target LDAP directory as well as what kind of errors are exposed to the user.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:5138e1feda1fd225914b9705f3cd88525b783ada5f672c20392abf003bd334c7_amd64 | — | | Vendor Fix (fix) |
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:7cbc39b1a3b490b3118980e9fbff1aeba74705e435eaa3d6ba75f39a86a924d4_arm64 | — | | Vendor Fix (fix) |
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:90e788b71753d6a569f5907c8cb1e8f2633a11ed4f9f3df1bcbba6ab9c9110e7_arm64 | — | | Vendor Fix (fix) |
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:ca23f4944519260549274d79c3cfda72bee9dbad380218cacea9fbc055ed3420_amd64 | — | | Vendor Fix (fix) |
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:1b8dfb006d0c449350b5683c9ac3576ab0256a9c7c1a068a8486bfb717d0b7ed_amd64 | — | | Vendor Fix (fix) |
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:7130279b46d9546449494e613dea6c53390c6ee3e2e894d4f89583182e58bc98_arm64 | — | | Vendor Fix (fix) |
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:1c9fe1c25eb9f3e7501c8f065f2248e5e46bba17849b2b760198490dc7f94428_amd64 | — | | Vendor Fix (fix) |
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:3f179ccc29afd98d882dbbb90954cab6b34f23db8110663264d7b3de94b32d36_arm64 | — | | Vendor Fix (fix) |
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:0e11667c5eeac5bed4f636f056f248d101d45b4b840efc55e636410f4865bcd2_arm64 | — | | Vendor Fix (fix) |
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:ab2ecd8c68bfe794bb26efab1fdeadb2015efc4a827d4c45cb1b16133288ce4f_amd64 | — | | Vendor Fix (fix) |
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:492a3d8ed08d3b385665c93071fa6c3a1e5e4389b6d0780ef0014ffebfa61415_amd64 | — | | Vendor Fix (fix) |
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:70ee85830ebc5d89ba87d301d3731cbafa89247a3b2c23667aaa123e710cb90b_arm64 | — | | Vendor Fix (fix) |
A flaw was found in Netty's SniHandler while navigating TLS handshake which may permit a large heap allocation if the handler did not have a timeout configured. This issue may allow an attacker to send a client hello packet which would cause the server to buffer large amounts of data per connection, potentially causing an out of memory error, resulting in Denial of Service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:5138e1feda1fd225914b9705f3cd88525b783ada5f672c20392abf003bd334c7_amd64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:7cbc39b1a3b490b3118980e9fbff1aeba74705e435eaa3d6ba75f39a86a924d4_arm64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:90e788b71753d6a569f5907c8cb1e8f2633a11ed4f9f3df1bcbba6ab9c9110e7_arm64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:ca23f4944519260549274d79c3cfda72bee9dbad380218cacea9fbc055ed3420_amd64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:1b8dfb006d0c449350b5683c9ac3576ab0256a9c7c1a068a8486bfb717d0b7ed_amd64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:7130279b46d9546449494e613dea6c53390c6ee3e2e894d4f89583182e58bc98_arm64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:1c9fe1c25eb9f3e7501c8f065f2248e5e46bba17849b2b760198490dc7f94428_amd64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:3f179ccc29afd98d882dbbb90954cab6b34f23db8110663264d7b3de94b32d36_arm64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:0e11667c5eeac5bed4f636f056f248d101d45b4b840efc55e636410f4865bcd2_arm64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:ab2ecd8c68bfe794bb26efab1fdeadb2015efc4a827d4c45cb1b16133288ce4f_amd64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:492a3d8ed08d3b385665c93071fa6c3a1e5e4389b6d0780ef0014ffebfa61415_amd64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:70ee85830ebc5d89ba87d301d3731cbafa89247a3b2c23667aaa123e710cb90b_arm64 | — | | Vendor Fix (fix), Workaround |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "New Red Hat build of Cryostat 2.4.0 on RHEL 8 container images are now available",
"title": "Topic"
},
{
"category": "general",
"text": "New Red Hat build of Cryostat 2.4.0 on RHEL 8 container images have been released, adding a variety of features and bug fixes.\n\nUsers of the Red Hat build of Cryostat 2.3.1 on RHEL 8 container images are advised to upgrade to these updated images, which contain backported patches to fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images.\n\nSecurity Fix(es):\n\n* vertx-web: StaticHandler disclosure of classpath resources on Windows when mounted on a wildcard route (CVE-2023-24815)\n\n* bouncycastle: potential blind LDAP injection attack using a self-signed certificate (CVE-2023-33201)\n\n* netty: SniHandler 16MB allocation leads to OOM (CVE-2023-34462)\n\nYou can find images updated by this advisory in Red Hat Container Catalog (see References).",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:7669",
"url": "https://access.redhat.com/errata/RHSA-2023:7669"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2209400",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209400"
},
{
"category": "external",
"summary": "2215465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215465"
},
{
"category": "external",
"summary": "2216888",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216888"
},
{
"category": "external",
"summary": "JAVAMON-236",
"url": "https://issues.redhat.com/browse/JAVAMON-236"
},
{
"category": "external",
"summary": "JAVAMON-241",
"url": "https://issues.redhat.com/browse/JAVAMON-241"
},
{
"category": "external",
"summary": "JAVAMON-243",
"url": "https://issues.redhat.com/browse/JAVAMON-243"
},
{
"category": "external",
"summary": "JAVAMON-313",
"url": "https://issues.redhat.com/browse/JAVAMON-313"
},
{
"category": "external",
"summary": "JAVAMON-319",
"url": "https://issues.redhat.com/browse/JAVAMON-319"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_7669.json"
}
],
"title": "Red Hat Security Advisory: Red Hat build of Cryostat 2.4.0: new RHEL 8 container images",
"tracking": {
"current_release_date": "2026-04-30T13:13:25+00:00",
"generator": {
"date": "2026-04-30T13:13:25+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.7"
}
},
"id": "RHSA-2023:7669",
"initial_release_date": "2023-12-06T22:07:18+00:00",
"revision_history": [
{
"date": "2023-12-06T22:07:18+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-12-06T22:07:18+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-30T13:13:25+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Cryostat 2 on RHEL 8",
"product": {
"name": "Cryostat 2 on RHEL 8",
"product_id": "8Base-Cryostat-2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:cryostat:2::el8"
}
}
}
],
"category": "product_family",
"name": "Cryostat"
},
{
"branches": [
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:7cbc39b1a3b490b3118980e9fbff1aeba74705e435eaa3d6ba75f39a86a924d4_arm64",
"product": {
"name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:7cbc39b1a3b490b3118980e9fbff1aeba74705e435eaa3d6ba75f39a86a924d4_arm64",
"product_id": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:7cbc39b1a3b490b3118980e9fbff1aeba74705e435eaa3d6ba75f39a86a924d4_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-grafana-dashboard-rhel8@sha256:7cbc39b1a3b490b3118980e9fbff1aeba74705e435eaa3d6ba75f39a86a924d4?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-grafana-dashboard-rhel8\u0026tag=2.4.0-2"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:7130279b46d9546449494e613dea6c53390c6ee3e2e894d4f89583182e58bc98_arm64",
"product": {
"name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:7130279b46d9546449494e613dea6c53390c6ee3e2e894d4f89583182e58bc98_arm64",
"product_id": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:7130279b46d9546449494e613dea6c53390c6ee3e2e894d4f89583182e58bc98_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-reports-rhel8@sha256:7130279b46d9546449494e613dea6c53390c6ee3e2e894d4f89583182e58bc98?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-reports-rhel8\u0026tag=2.4.0-2"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-rhel8@sha256:0e11667c5eeac5bed4f636f056f248d101d45b4b840efc55e636410f4865bcd2_arm64",
"product": {
"name": "cryostat-tech-preview/cryostat-rhel8@sha256:0e11667c5eeac5bed4f636f056f248d101d45b4b840efc55e636410f4865bcd2_arm64",
"product_id": "cryostat-tech-preview/cryostat-rhel8@sha256:0e11667c5eeac5bed4f636f056f248d101d45b4b840efc55e636410f4865bcd2_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-rhel8@sha256:0e11667c5eeac5bed4f636f056f248d101d45b4b840efc55e636410f4865bcd2?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-rhel8\u0026tag=2.4.0-2"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:90e788b71753d6a569f5907c8cb1e8f2633a11ed4f9f3df1bcbba6ab9c9110e7_arm64",
"product": {
"name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:90e788b71753d6a569f5907c8cb1e8f2633a11ed4f9f3df1bcbba6ab9c9110e7_arm64",
"product_id": "cryostat-tech-preview/cryostat-operator-bundle@sha256:90e788b71753d6a569f5907c8cb1e8f2633a11ed4f9f3df1bcbba6ab9c9110e7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-operator-bundle@sha256:90e788b71753d6a569f5907c8cb1e8f2633a11ed4f9f3df1bcbba6ab9c9110e7?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-operator-bundle\u0026tag=2.4.0-2"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:3f179ccc29afd98d882dbbb90954cab6b34f23db8110663264d7b3de94b32d36_arm64",
"product": {
"name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:3f179ccc29afd98d882dbbb90954cab6b34f23db8110663264d7b3de94b32d36_arm64",
"product_id": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:3f179ccc29afd98d882dbbb90954cab6b34f23db8110663264d7b3de94b32d36_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-rhel8-operator@sha256:3f179ccc29afd98d882dbbb90954cab6b34f23db8110663264d7b3de94b32d36?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-rhel8-operator\u0026tag=2.4.0-3"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:70ee85830ebc5d89ba87d301d3731cbafa89247a3b2c23667aaa123e710cb90b_arm64",
"product": {
"name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:70ee85830ebc5d89ba87d301d3731cbafa89247a3b2c23667aaa123e710cb90b_arm64",
"product_id": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:70ee85830ebc5d89ba87d301d3731cbafa89247a3b2c23667aaa123e710cb90b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jfr-datasource-rhel8@sha256:70ee85830ebc5d89ba87d301d3731cbafa89247a3b2c23667aaa123e710cb90b?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/jfr-datasource-rhel8\u0026tag=2.4.0-2"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:5138e1feda1fd225914b9705f3cd88525b783ada5f672c20392abf003bd334c7_amd64",
"product": {
"name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:5138e1feda1fd225914b9705f3cd88525b783ada5f672c20392abf003bd334c7_amd64",
"product_id": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:5138e1feda1fd225914b9705f3cd88525b783ada5f672c20392abf003bd334c7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-grafana-dashboard-rhel8@sha256:5138e1feda1fd225914b9705f3cd88525b783ada5f672c20392abf003bd334c7?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-grafana-dashboard-rhel8\u0026tag=2.4.0-2"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:1b8dfb006d0c449350b5683c9ac3576ab0256a9c7c1a068a8486bfb717d0b7ed_amd64",
"product": {
"name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:1b8dfb006d0c449350b5683c9ac3576ab0256a9c7c1a068a8486bfb717d0b7ed_amd64",
"product_id": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:1b8dfb006d0c449350b5683c9ac3576ab0256a9c7c1a068a8486bfb717d0b7ed_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-reports-rhel8@sha256:1b8dfb006d0c449350b5683c9ac3576ab0256a9c7c1a068a8486bfb717d0b7ed?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-reports-rhel8\u0026tag=2.4.0-2"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-rhel8@sha256:ab2ecd8c68bfe794bb26efab1fdeadb2015efc4a827d4c45cb1b16133288ce4f_amd64",
"product": {
"name": "cryostat-tech-preview/cryostat-rhel8@sha256:ab2ecd8c68bfe794bb26efab1fdeadb2015efc4a827d4c45cb1b16133288ce4f_amd64",
"product_id": "cryostat-tech-preview/cryostat-rhel8@sha256:ab2ecd8c68bfe794bb26efab1fdeadb2015efc4a827d4c45cb1b16133288ce4f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-rhel8@sha256:ab2ecd8c68bfe794bb26efab1fdeadb2015efc4a827d4c45cb1b16133288ce4f?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-rhel8\u0026tag=2.4.0-2"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:ca23f4944519260549274d79c3cfda72bee9dbad380218cacea9fbc055ed3420_amd64",
"product": {
"name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:ca23f4944519260549274d79c3cfda72bee9dbad380218cacea9fbc055ed3420_amd64",
"product_id": "cryostat-tech-preview/cryostat-operator-bundle@sha256:ca23f4944519260549274d79c3cfda72bee9dbad380218cacea9fbc055ed3420_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-operator-bundle@sha256:ca23f4944519260549274d79c3cfda72bee9dbad380218cacea9fbc055ed3420?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-operator-bundle\u0026tag=2.4.0-2"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:1c9fe1c25eb9f3e7501c8f065f2248e5e46bba17849b2b760198490dc7f94428_amd64",
"product": {
"name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:1c9fe1c25eb9f3e7501c8f065f2248e5e46bba17849b2b760198490dc7f94428_amd64",
"product_id": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:1c9fe1c25eb9f3e7501c8f065f2248e5e46bba17849b2b760198490dc7f94428_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-rhel8-operator@sha256:1c9fe1c25eb9f3e7501c8f065f2248e5e46bba17849b2b760198490dc7f94428?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-rhel8-operator\u0026tag=2.4.0-3"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:492a3d8ed08d3b385665c93071fa6c3a1e5e4389b6d0780ef0014ffebfa61415_amd64",
"product": {
"name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:492a3d8ed08d3b385665c93071fa6c3a1e5e4389b6d0780ef0014ffebfa61415_amd64",
"product_id": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:492a3d8ed08d3b385665c93071fa6c3a1e5e4389b6d0780ef0014ffebfa61415_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jfr-datasource-rhel8@sha256:492a3d8ed08d3b385665c93071fa6c3a1e5e4389b6d0780ef0014ffebfa61415?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/jfr-datasource-rhel8\u0026tag=2.4.0-2"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:5138e1feda1fd225914b9705f3cd88525b783ada5f672c20392abf003bd334c7_amd64 as a component of Cryostat 2 on RHEL 8",
"product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:5138e1feda1fd225914b9705f3cd88525b783ada5f672c20392abf003bd334c7_amd64"
},
"product_reference": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:5138e1feda1fd225914b9705f3cd88525b783ada5f672c20392abf003bd334c7_amd64",
"relates_to_product_reference": "8Base-Cryostat-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:7cbc39b1a3b490b3118980e9fbff1aeba74705e435eaa3d6ba75f39a86a924d4_arm64 as a component of Cryostat 2 on RHEL 8",
"product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:7cbc39b1a3b490b3118980e9fbff1aeba74705e435eaa3d6ba75f39a86a924d4_arm64"
},
"product_reference": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:7cbc39b1a3b490b3118980e9fbff1aeba74705e435eaa3d6ba75f39a86a924d4_arm64",
"relates_to_product_reference": "8Base-Cryostat-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:90e788b71753d6a569f5907c8cb1e8f2633a11ed4f9f3df1bcbba6ab9c9110e7_arm64 as a component of Cryostat 2 on RHEL 8",
"product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:90e788b71753d6a569f5907c8cb1e8f2633a11ed4f9f3df1bcbba6ab9c9110e7_arm64"
},
"product_reference": "cryostat-tech-preview/cryostat-operator-bundle@sha256:90e788b71753d6a569f5907c8cb1e8f2633a11ed4f9f3df1bcbba6ab9c9110e7_arm64",
"relates_to_product_reference": "8Base-Cryostat-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:ca23f4944519260549274d79c3cfda72bee9dbad380218cacea9fbc055ed3420_amd64 as a component of Cryostat 2 on RHEL 8",
"product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:ca23f4944519260549274d79c3cfda72bee9dbad380218cacea9fbc055ed3420_amd64"
},
"product_reference": "cryostat-tech-preview/cryostat-operator-bundle@sha256:ca23f4944519260549274d79c3cfda72bee9dbad380218cacea9fbc055ed3420_amd64",
"relates_to_product_reference": "8Base-Cryostat-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:1b8dfb006d0c449350b5683c9ac3576ab0256a9c7c1a068a8486bfb717d0b7ed_amd64 as a component of Cryostat 2 on RHEL 8",
"product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:1b8dfb006d0c449350b5683c9ac3576ab0256a9c7c1a068a8486bfb717d0b7ed_amd64"
},
"product_reference": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:1b8dfb006d0c449350b5683c9ac3576ab0256a9c7c1a068a8486bfb717d0b7ed_amd64",
"relates_to_product_reference": "8Base-Cryostat-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:7130279b46d9546449494e613dea6c53390c6ee3e2e894d4f89583182e58bc98_arm64 as a component of Cryostat 2 on RHEL 8",
"product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:7130279b46d9546449494e613dea6c53390c6ee3e2e894d4f89583182e58bc98_arm64"
},
"product_reference": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:7130279b46d9546449494e613dea6c53390c6ee3e2e894d4f89583182e58bc98_arm64",
"relates_to_product_reference": "8Base-Cryostat-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:1c9fe1c25eb9f3e7501c8f065f2248e5e46bba17849b2b760198490dc7f94428_amd64 as a component of Cryostat 2 on RHEL 8",
"product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:1c9fe1c25eb9f3e7501c8f065f2248e5e46bba17849b2b760198490dc7f94428_amd64"
},
"product_reference": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:1c9fe1c25eb9f3e7501c8f065f2248e5e46bba17849b2b760198490dc7f94428_amd64",
"relates_to_product_reference": "8Base-Cryostat-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:3f179ccc29afd98d882dbbb90954cab6b34f23db8110663264d7b3de94b32d36_arm64 as a component of Cryostat 2 on RHEL 8",
"product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:3f179ccc29afd98d882dbbb90954cab6b34f23db8110663264d7b3de94b32d36_arm64"
},
"product_reference": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:3f179ccc29afd98d882dbbb90954cab6b34f23db8110663264d7b3de94b32d36_arm64",
"relates_to_product_reference": "8Base-Cryostat-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-rhel8@sha256:0e11667c5eeac5bed4f636f056f248d101d45b4b840efc55e636410f4865bcd2_arm64 as a component of Cryostat 2 on RHEL 8",
"product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:0e11667c5eeac5bed4f636f056f248d101d45b4b840efc55e636410f4865bcd2_arm64"
},
"product_reference": "cryostat-tech-preview/cryostat-rhel8@sha256:0e11667c5eeac5bed4f636f056f248d101d45b4b840efc55e636410f4865bcd2_arm64",
"relates_to_product_reference": "8Base-Cryostat-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-rhel8@sha256:ab2ecd8c68bfe794bb26efab1fdeadb2015efc4a827d4c45cb1b16133288ce4f_amd64 as a component of Cryostat 2 on RHEL 8",
"product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:ab2ecd8c68bfe794bb26efab1fdeadb2015efc4a827d4c45cb1b16133288ce4f_amd64"
},
"product_reference": "cryostat-tech-preview/cryostat-rhel8@sha256:ab2ecd8c68bfe794bb26efab1fdeadb2015efc4a827d4c45cb1b16133288ce4f_amd64",
"relates_to_product_reference": "8Base-Cryostat-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:492a3d8ed08d3b385665c93071fa6c3a1e5e4389b6d0780ef0014ffebfa61415_amd64 as a component of Cryostat 2 on RHEL 8",
"product_id": "8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:492a3d8ed08d3b385665c93071fa6c3a1e5e4389b6d0780ef0014ffebfa61415_amd64"
},
"product_reference": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:492a3d8ed08d3b385665c93071fa6c3a1e5e4389b6d0780ef0014ffebfa61415_amd64",
"relates_to_product_reference": "8Base-Cryostat-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:70ee85830ebc5d89ba87d301d3731cbafa89247a3b2c23667aaa123e710cb90b_arm64 as a component of Cryostat 2 on RHEL 8",
"product_id": "8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:70ee85830ebc5d89ba87d301d3731cbafa89247a3b2c23667aaa123e710cb90b_arm64"
},
"product_reference": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:70ee85830ebc5d89ba87d301d3731cbafa89247a3b2c23667aaa123e710cb90b_arm64",
"relates_to_product_reference": "8Base-Cryostat-2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-24815",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2023-05-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2209400"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Vert.X Web. When running the application that serves files using StaticHandler on Windows Operating Systems and Windows File Systems, if the mount point is a wildcard (*), an attacker can exfiltrate any class path resource.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vertx-web: StaticHandler disclosure of classpath resources on Windows when mounted on a wildcard route",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:5138e1feda1fd225914b9705f3cd88525b783ada5f672c20392abf003bd334c7_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:7cbc39b1a3b490b3118980e9fbff1aeba74705e435eaa3d6ba75f39a86a924d4_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:90e788b71753d6a569f5907c8cb1e8f2633a11ed4f9f3df1bcbba6ab9c9110e7_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:ca23f4944519260549274d79c3cfda72bee9dbad380218cacea9fbc055ed3420_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:1b8dfb006d0c449350b5683c9ac3576ab0256a9c7c1a068a8486bfb717d0b7ed_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:7130279b46d9546449494e613dea6c53390c6ee3e2e894d4f89583182e58bc98_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:1c9fe1c25eb9f3e7501c8f065f2248e5e46bba17849b2b760198490dc7f94428_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:3f179ccc29afd98d882dbbb90954cab6b34f23db8110663264d7b3de94b32d36_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:0e11667c5eeac5bed4f636f056f248d101d45b4b840efc55e636410f4865bcd2_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:ab2ecd8c68bfe794bb26efab1fdeadb2015efc4a827d4c45cb1b16133288ce4f_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:492a3d8ed08d3b385665c93071fa6c3a1e5e4389b6d0780ef0014ffebfa61415_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:70ee85830ebc5d89ba87d301d3731cbafa89247a3b2c23667aaa123e710cb90b_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-24815"
},
{
"category": "external",
"summary": "RHBZ#2209400",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209400"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-24815",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24815"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24815",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24815"
},
{
"category": "external",
"summary": "https://github.com/vert-x3/vertx-web/security/advisories/GHSA-53jx-vvf9-4x38",
"url": "https://github.com/vert-x3/vertx-web/security/advisories/GHSA-53jx-vvf9-4x38"
}
],
"release_date": "2023-02-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-06T22:07:18+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:5138e1feda1fd225914b9705f3cd88525b783ada5f672c20392abf003bd334c7_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:7cbc39b1a3b490b3118980e9fbff1aeba74705e435eaa3d6ba75f39a86a924d4_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:90e788b71753d6a569f5907c8cb1e8f2633a11ed4f9f3df1bcbba6ab9c9110e7_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:ca23f4944519260549274d79c3cfda72bee9dbad380218cacea9fbc055ed3420_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:1b8dfb006d0c449350b5683c9ac3576ab0256a9c7c1a068a8486bfb717d0b7ed_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:7130279b46d9546449494e613dea6c53390c6ee3e2e894d4f89583182e58bc98_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:1c9fe1c25eb9f3e7501c8f065f2248e5e46bba17849b2b760198490dc7f94428_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:3f179ccc29afd98d882dbbb90954cab6b34f23db8110663264d7b3de94b32d36_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:0e11667c5eeac5bed4f636f056f248d101d45b4b840efc55e636410f4865bcd2_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:ab2ecd8c68bfe794bb26efab1fdeadb2015efc4a827d4c45cb1b16133288ce4f_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:492a3d8ed08d3b385665c93071fa6c3a1e5e4389b6d0780ef0014ffebfa61415_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:70ee85830ebc5d89ba87d301d3731cbafa89247a3b2c23667aaa123e710cb90b_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7669"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:5138e1feda1fd225914b9705f3cd88525b783ada5f672c20392abf003bd334c7_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:7cbc39b1a3b490b3118980e9fbff1aeba74705e435eaa3d6ba75f39a86a924d4_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:90e788b71753d6a569f5907c8cb1e8f2633a11ed4f9f3df1bcbba6ab9c9110e7_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:ca23f4944519260549274d79c3cfda72bee9dbad380218cacea9fbc055ed3420_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:1b8dfb006d0c449350b5683c9ac3576ab0256a9c7c1a068a8486bfb717d0b7ed_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:7130279b46d9546449494e613dea6c53390c6ee3e2e894d4f89583182e58bc98_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:1c9fe1c25eb9f3e7501c8f065f2248e5e46bba17849b2b760198490dc7f94428_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:3f179ccc29afd98d882dbbb90954cab6b34f23db8110663264d7b3de94b32d36_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:0e11667c5eeac5bed4f636f056f248d101d45b4b840efc55e636410f4865bcd2_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:ab2ecd8c68bfe794bb26efab1fdeadb2015efc4a827d4c45cb1b16133288ce4f_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:492a3d8ed08d3b385665c93071fa6c3a1e5e4389b6d0780ef0014ffebfa61415_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:70ee85830ebc5d89ba87d301d3731cbafa89247a3b2c23667aaa123e710cb90b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vertx-web: StaticHandler disclosure of classpath resources on Windows when mounted on a wildcard route"
},
{
"cve": "CVE-2023-33201",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2023-06-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2215465"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Bouncy Castle 1.73. This issue targets the fix of LDAP wild cards. Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wild card may lead to information disclosure. This could allow a malicious user to obtain unauthorized information via blind LDAP Injection, exploring the environment and enumerating data. The exploit depends on the structure of the target LDAP directory as well as what kind of errors are exposed to the user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bouncycastle: potential blind LDAP injection attack using a self-signed certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:5138e1feda1fd225914b9705f3cd88525b783ada5f672c20392abf003bd334c7_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:7cbc39b1a3b490b3118980e9fbff1aeba74705e435eaa3d6ba75f39a86a924d4_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:90e788b71753d6a569f5907c8cb1e8f2633a11ed4f9f3df1bcbba6ab9c9110e7_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:ca23f4944519260549274d79c3cfda72bee9dbad380218cacea9fbc055ed3420_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:1b8dfb006d0c449350b5683c9ac3576ab0256a9c7c1a068a8486bfb717d0b7ed_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:7130279b46d9546449494e613dea6c53390c6ee3e2e894d4f89583182e58bc98_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:1c9fe1c25eb9f3e7501c8f065f2248e5e46bba17849b2b760198490dc7f94428_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:3f179ccc29afd98d882dbbb90954cab6b34f23db8110663264d7b3de94b32d36_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:0e11667c5eeac5bed4f636f056f248d101d45b4b840efc55e636410f4865bcd2_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:ab2ecd8c68bfe794bb26efab1fdeadb2015efc4a827d4c45cb1b16133288ce4f_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:492a3d8ed08d3b385665c93071fa6c3a1e5e4389b6d0780ef0014ffebfa61415_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:70ee85830ebc5d89ba87d301d3731cbafa89247a3b2c23667aaa123e710cb90b_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-33201"
},
{
"category": "external",
"summary": "RHBZ#2215465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215465"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-33201",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33201"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201"
},
{
"category": "external",
"summary": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201",
"url": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201"
}
],
"release_date": "2023-06-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-06T22:07:18+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:5138e1feda1fd225914b9705f3cd88525b783ada5f672c20392abf003bd334c7_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:7cbc39b1a3b490b3118980e9fbff1aeba74705e435eaa3d6ba75f39a86a924d4_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:90e788b71753d6a569f5907c8cb1e8f2633a11ed4f9f3df1bcbba6ab9c9110e7_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:ca23f4944519260549274d79c3cfda72bee9dbad380218cacea9fbc055ed3420_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:1b8dfb006d0c449350b5683c9ac3576ab0256a9c7c1a068a8486bfb717d0b7ed_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:7130279b46d9546449494e613dea6c53390c6ee3e2e894d4f89583182e58bc98_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:1c9fe1c25eb9f3e7501c8f065f2248e5e46bba17849b2b760198490dc7f94428_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:3f179ccc29afd98d882dbbb90954cab6b34f23db8110663264d7b3de94b32d36_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:0e11667c5eeac5bed4f636f056f248d101d45b4b840efc55e636410f4865bcd2_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:ab2ecd8c68bfe794bb26efab1fdeadb2015efc4a827d4c45cb1b16133288ce4f_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:492a3d8ed08d3b385665c93071fa6c3a1e5e4389b6d0780ef0014ffebfa61415_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:70ee85830ebc5d89ba87d301d3731cbafa89247a3b2c23667aaa123e710cb90b_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7669"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:5138e1feda1fd225914b9705f3cd88525b783ada5f672c20392abf003bd334c7_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:7cbc39b1a3b490b3118980e9fbff1aeba74705e435eaa3d6ba75f39a86a924d4_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:90e788b71753d6a569f5907c8cb1e8f2633a11ed4f9f3df1bcbba6ab9c9110e7_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:ca23f4944519260549274d79c3cfda72bee9dbad380218cacea9fbc055ed3420_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:1b8dfb006d0c449350b5683c9ac3576ab0256a9c7c1a068a8486bfb717d0b7ed_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:7130279b46d9546449494e613dea6c53390c6ee3e2e894d4f89583182e58bc98_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:1c9fe1c25eb9f3e7501c8f065f2248e5e46bba17849b2b760198490dc7f94428_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:3f179ccc29afd98d882dbbb90954cab6b34f23db8110663264d7b3de94b32d36_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:0e11667c5eeac5bed4f636f056f248d101d45b4b840efc55e636410f4865bcd2_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:ab2ecd8c68bfe794bb26efab1fdeadb2015efc4a827d4c45cb1b16133288ce4f_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:492a3d8ed08d3b385665c93071fa6c3a1e5e4389b6d0780ef0014ffebfa61415_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:70ee85830ebc5d89ba87d301d3731cbafa89247a3b2c23667aaa123e710cb90b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bouncycastle: potential blind LDAP injection attack using a self-signed certificate"
},
{
"cve": "CVE-2023-34462",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-06-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2216888"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty\u0027s SniHandler while navigating TLS handshake which may permit a large heap allocation if the handler did not have a timeout configured. This issue may allow an attacker to send a client hello packet which would cause the server to buffer large amounts of data per connection, potentially causing an out of memory error, resulting in Denial of Service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: SniHandler 16MB allocation leads to OOM",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:5138e1feda1fd225914b9705f3cd88525b783ada5f672c20392abf003bd334c7_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:7cbc39b1a3b490b3118980e9fbff1aeba74705e435eaa3d6ba75f39a86a924d4_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:90e788b71753d6a569f5907c8cb1e8f2633a11ed4f9f3df1bcbba6ab9c9110e7_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:ca23f4944519260549274d79c3cfda72bee9dbad380218cacea9fbc055ed3420_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:1b8dfb006d0c449350b5683c9ac3576ab0256a9c7c1a068a8486bfb717d0b7ed_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:7130279b46d9546449494e613dea6c53390c6ee3e2e894d4f89583182e58bc98_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:1c9fe1c25eb9f3e7501c8f065f2248e5e46bba17849b2b760198490dc7f94428_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:3f179ccc29afd98d882dbbb90954cab6b34f23db8110663264d7b3de94b32d36_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:0e11667c5eeac5bed4f636f056f248d101d45b4b840efc55e636410f4865bcd2_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:ab2ecd8c68bfe794bb26efab1fdeadb2015efc4a827d4c45cb1b16133288ce4f_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:492a3d8ed08d3b385665c93071fa6c3a1e5e4389b6d0780ef0014ffebfa61415_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:70ee85830ebc5d89ba87d301d3731cbafa89247a3b2c23667aaa123e710cb90b_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-34462"
},
{
"category": "external",
"summary": "RHBZ#2216888",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216888"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-34462",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-34462",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34462"
}
],
"release_date": "2023-06-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-06T22:07:18+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:5138e1feda1fd225914b9705f3cd88525b783ada5f672c20392abf003bd334c7_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:7cbc39b1a3b490b3118980e9fbff1aeba74705e435eaa3d6ba75f39a86a924d4_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:90e788b71753d6a569f5907c8cb1e8f2633a11ed4f9f3df1bcbba6ab9c9110e7_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:ca23f4944519260549274d79c3cfda72bee9dbad380218cacea9fbc055ed3420_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:1b8dfb006d0c449350b5683c9ac3576ab0256a9c7c1a068a8486bfb717d0b7ed_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:7130279b46d9546449494e613dea6c53390c6ee3e2e894d4f89583182e58bc98_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:1c9fe1c25eb9f3e7501c8f065f2248e5e46bba17849b2b760198490dc7f94428_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:3f179ccc29afd98d882dbbb90954cab6b34f23db8110663264d7b3de94b32d36_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:0e11667c5eeac5bed4f636f056f248d101d45b4b840efc55e636410f4865bcd2_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:ab2ecd8c68bfe794bb26efab1fdeadb2015efc4a827d4c45cb1b16133288ce4f_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:492a3d8ed08d3b385665c93071fa6c3a1e5e4389b6d0780ef0014ffebfa61415_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:70ee85830ebc5d89ba87d301d3731cbafa89247a3b2c23667aaa123e710cb90b_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7669"
},
{
"category": "workaround",
"details": "Configuration of SniHandler with an idle timeout will mitigate this issue.",
"product_ids": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:5138e1feda1fd225914b9705f3cd88525b783ada5f672c20392abf003bd334c7_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:7cbc39b1a3b490b3118980e9fbff1aeba74705e435eaa3d6ba75f39a86a924d4_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:90e788b71753d6a569f5907c8cb1e8f2633a11ed4f9f3df1bcbba6ab9c9110e7_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:ca23f4944519260549274d79c3cfda72bee9dbad380218cacea9fbc055ed3420_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:1b8dfb006d0c449350b5683c9ac3576ab0256a9c7c1a068a8486bfb717d0b7ed_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:7130279b46d9546449494e613dea6c53390c6ee3e2e894d4f89583182e58bc98_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:1c9fe1c25eb9f3e7501c8f065f2248e5e46bba17849b2b760198490dc7f94428_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:3f179ccc29afd98d882dbbb90954cab6b34f23db8110663264d7b3de94b32d36_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:0e11667c5eeac5bed4f636f056f248d101d45b4b840efc55e636410f4865bcd2_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:ab2ecd8c68bfe794bb26efab1fdeadb2015efc4a827d4c45cb1b16133288ce4f_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:492a3d8ed08d3b385665c93071fa6c3a1e5e4389b6d0780ef0014ffebfa61415_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:70ee85830ebc5d89ba87d301d3731cbafa89247a3b2c23667aaa123e710cb90b_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:5138e1feda1fd225914b9705f3cd88525b783ada5f672c20392abf003bd334c7_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:7cbc39b1a3b490b3118980e9fbff1aeba74705e435eaa3d6ba75f39a86a924d4_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:90e788b71753d6a569f5907c8cb1e8f2633a11ed4f9f3df1bcbba6ab9c9110e7_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:ca23f4944519260549274d79c3cfda72bee9dbad380218cacea9fbc055ed3420_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:1b8dfb006d0c449350b5683c9ac3576ab0256a9c7c1a068a8486bfb717d0b7ed_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:7130279b46d9546449494e613dea6c53390c6ee3e2e894d4f89583182e58bc98_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:1c9fe1c25eb9f3e7501c8f065f2248e5e46bba17849b2b760198490dc7f94428_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:3f179ccc29afd98d882dbbb90954cab6b34f23db8110663264d7b3de94b32d36_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:0e11667c5eeac5bed4f636f056f248d101d45b4b840efc55e636410f4865bcd2_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:ab2ecd8c68bfe794bb26efab1fdeadb2015efc4a827d4c45cb1b16133288ce4f_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:492a3d8ed08d3b385665c93071fa6c3a1e5e4389b6d0780ef0014ffebfa61415_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:70ee85830ebc5d89ba87d301d3731cbafa89247a3b2c23667aaa123e710cb90b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty: SniHandler 16MB allocation leads to OOM"
}
]
}
RHSA-2023:7678
Vulnerability from csaf_redhat - Published: 2023-12-06 23:30 - Updated: 2026-05-29 17:49

Improper Restriction of XML External Entity Reference, XML Injection (aka Blind XPath Injection) vulnerability in Apache Software Foundation Apache Ivy. This issue affects any version of Apache Ivy prior to 2.5.2. When Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy files or Apache Maven POMs - it will allow downloading external document type definitions and expand any entity references contained therein when used. This can be used to exfiltrate data, access resources only the machine running Ivy has access to or disturb the execution of Ivy in different ways. Starting with Ivy 2.5.2 DTD processing is disabled by default except when parsing Maven POMs where the default is to allow DTD processing but only to include a DTD snippet shipping with Ivy that is needed to deal with existing Maven POMs that are not valid XML files but are nevertheless accepted by Maven. Access can be made more lenient via newly introduced system properties where needed. Users of Ivy prior to version 2.5.2 can use Java system properties to restrict processing of external DTDs, see the section about "JAXP Properties for External Access restrictions" inside Oracle's "Java API for XML Processing (JAXP) Security Guide".

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat AMQ Streams 2.6.0 (Red Hat / Red Hat JBoss AMQ) | cpe:/a:redhat:amq_streams:2 | — | Vendor Fix |
A flaw was found in Guava. The methodology for temporary directories and files can allow other local users or apps with accordant permissions to access the temp files, possibly leading to information exposure or tampering in the files created in the directory.

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat AMQ Streams 2.6.0 (Red Hat / Red Hat JBoss AMQ) | cpe:/a:redhat:amq_streams:2 | — | Vendor Fix; Workaround |
A flaw was found in the org.json package. A bug in the parser exists, and an input string may lead to undefined usage of memory, leading to an out-of-memory error, causing a denial of service (DoS).

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat AMQ Streams 2.6.0 (Red Hat / Red Hat JBoss AMQ) | cpe:/a:redhat:amq_streams:2 | — | Vendor Fix; Workaround |
A flaw was found in Spring Boot. This targets specifically the 'spring-boot-actuator-autoconfigure' package. This issue occurs when an application is deployed to Cloud Foundry, which could be susceptible to a security bypass. Specifically, an application is vulnerable when all of the following are true:

* You have code that can handle requests that match /cloudfoundryapplication/**. Typically, this will be if there is a catch-all request mapping which matches /**.
* The application is deployed to Cloud Foundry.

An application is not vulnerable if any of the following is true:

* The application is not deployed to Cloud Foundry.
* You have disabled Cloud Foundry actuator endpoints with management.cloudfoundry.enabled set to false.
* Your application does not have handler mappings that can handle requests to /cloudfoundryapplication/**.

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat AMQ Streams 2.6.0 (Red Hat / Red Hat JBoss AMQ) | cpe:/a:redhat:amq_streams:2 | — | Vendor Fix; Workaround |
A flaw was found in Jose4J which allows a malicious user or internal person to erroneously set a low iteration count of 1000 or less to secure the Json Web Token. This could apply to lack of entropy and leave the system less secure.

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat AMQ Streams 2.6.0 (Red Hat / Red Hat JBoss AMQ) | cpe:/a:redhat:amq_streams:2 | — | Vendor Fix; Workaround |
A flaw was found in Bouncy Castle 1.73. This issue targets the fix of LDAP wild cards. Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wild card may lead to information disclosure. This could allow a malicious user to obtain unauthorized information via blind LDAP Injection, exploring the environment and enumerating data. The exploit depends on the structure of the target LDAP directory as well as what kind of errors are exposed to the user.

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat AMQ Streams 2.6.0 (Red Hat / Red Hat JBoss AMQ) | cpe:/a:redhat:amq_streams:2 | — | Vendor Fix |
A flaw was found in Jetty that permits a plus sign (+) preceding the content-length value in an HTTP/1 header field, which is non-standard and more permissive than the RFC. This issue could allow an attacker to perform request smuggling in conjunction with a server that does not close connections after 400 responses.

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat AMQ Streams 2.6.0 (Red Hat / Red Hat JBoss AMQ) | cpe:/a:redhat:amq_streams:2 | — | Vendor Fix |
A flaw was found in Apache Tomcat if the default web application is configured with FormAuthenticator. This issue allows a specially crafted URL to trigger a redirect to an arbitrary URL.

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat AMQ Streams 2.6.0 (Red Hat / Red Hat JBoss AMQ) | cpe:/a:redhat:amq_streams:2 | — | Vendor Fix |
A flaw was found in Gradle. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack (OOB-XXE), parsing XML can lead to the exfiltration of local text files to a remote server. In most cases, Gradle parses XML files it generated, or that were already present locally. Only Ivy XML descriptors and Maven POM files can be fetched from remote repositories and parsed by Gradle.

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat AMQ Streams 2.6.0 (Red Hat / Red Hat JBoss AMQ) | cpe:/a:redhat:amq_streams:2 | — | Vendor Fix |
A flaw was found in Gradle. When copying files or creating archives, Gradle does not preserve symbolic links, instead resolving them to their underlying target file, but permissions of the new file use those of the link instead of those from the target file. This issue can lead to files with broader permissions than intended, as symbolic links are usually world-readable and writeable.

CWE-732 - Incorrect Permission Assignment for Critical Resource

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat AMQ Streams 2.6.0 (Red Hat / Red Hat JBoss AMQ) | cpe:/a:redhat:amq_streams:2 | — | Vendor Fix; Workaround |
A flaw was found in Apache ZooKeeper. Authorization bypass through user-controlled key is available iff SASL Quorum Peer authentication is enabled in ZooKeeper via quorum.auth.enableSasl=true configuration. A malicious user could bypass the authentication controller by using a non-existing instance part in SASL authentication ID (which is optional), therefore, the server would skip this check and as a result, join the cluster and propagate information with complete read and write access.

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat AMQ Streams 2.6.0 (Red Hat / Red Hat JBoss AMQ) | cpe:/a:redhat:amq_streams:2 | — | Vendor Fix; Workaround |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat AMQ Streams 2.6.0 is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. \n\nThis release of Red Hat AMQ Streams 2.6.0 serves as a replacement for Red Hat AMQ Streams 2.5.1, and includes security and bug fixes, and enhancements.\n\nSecurity Fix(es):\n\n* JSON-java: parser confusion leads to OOM (CVE-2023-5072)\n\n* spring-boot: Security Bypass With Wildcard Pattern Matching on Cloud Foundry (CVE-2023-20873)\n\n* zookeeper: Authorization Bypass in Apache ZooKeeper (CVE-2023-44981)\n\n* apache-ivy: XML External Entity vulnerability (CVE-2022-46751)\n\n* guava: insecure temporary directory creation (CVE-2023-2976)\n\n* jose4j: Insecure iteration count setting (CVE-2023-31582)\n\n* bouncycastle: potential blind LDAP injection attack using a self-signed certificate (CVE-2023-33201)\n\n* jetty: Improper validation of HTTP/1 content-length (CVE-2023-40167)\n\n* tomcat: Open Redirect vulnerability in FORM authentication (CVE-2023-41080)\n\n* gradle: Possible local text file exfiltration by XML External entity injection (CVE-2023-42445)\n\n* gradle: Incorrect permission assignment for symlinked files used in copy or archiving operations (CVE-2023-44387)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:7678",
"url": "https://access.redhat.com/errata/RHSA-2023:7678"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.streams\u0026version=2.6.0",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.streams\u0026version=2.6.0"
},
{
"category": "external",
"summary": "2215229",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229"
},
{
"category": "external",
"summary": "2215465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215465"
},
{
"category": "external",
"summary": "2231491",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2231491"
},
{
"category": "external",
"summary": "2233112",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2233112"
},
{
"category": "external",
"summary": "2235370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235370"
},
{
"category": "external",
"summary": "2239634",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239634"
},
{
"category": "external",
"summary": "2242485",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242485"
},
{
"category": "external",
"summary": "2242538",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242538"
},
{
"category": "external",
"summary": "2243436",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243436"
},
{
"category": "external",
"summary": "2246370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246370"
},
{
"category": "external",
"summary": "2246417",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246417"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_7678.json"
}
],
"title": "Red Hat Security Advisory: Red Hat AMQ Streams 2.6.0 release and security update",
"tracking": {
"current_release_date": "2026-05-29T17:49:39+00:00",
"generator": {
"date": "2026-05-29T17:49:39+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:7678",
"initial_release_date": "2023-12-06T23:30:39+00:00",
"revision_history": [
{
"date": "2023-12-06T23:30:39+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-12-06T23:30:39+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-29T17:49:39+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat AMQ Streams 2.6.0",
"product": {
"name": "Red Hat AMQ Streams 2.6.0",
"product_id": "Red Hat AMQ Streams 2.6.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:amq_streams:2"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss AMQ"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-46751",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2023-08-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2233112"
}
],
"notes": [
{
"category": "description",
"text": "Improper Restriction of XML External Entity Reference, XML Injection (aka Blind XPath Injection) vulnerability in Apache Software Foundation Apache Ivy. This issue affects any version of Apache Ivy prior to 2.5.2.\n\nWhen Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy files or Apache Maven POMs - it will allow downloading external document type definitions and expand any entity references contained therein when used.\n\nThis can be used to exfiltrate data, access resources only the machine running Ivy has access to or disturb the execution of Ivy in different ways.\n\nStarting with Ivy 2.5.2 DTD processing is disabled by default except when parsing Maven POMs where the default is to allow DTD processing but only to include a DTD snippet shipping with Ivy that is needed to deal with existing Maven POMs that are not valid XML files but are nevertheless accepted by Maven. Access can be made more lenient via newly introduced system properties where needed.\n\nUsers of Ivy prior to version 2.5.2 can use Java system properties to restrict processing of external DTDs, see the section about \"JAXP Properties for External Access restrictions\" inside Oracle\u0027s \"Java API for XML Processing (JAXP) Security Guide\".",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-ivy: XML External Entity vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-46751"
},
{
"category": "external",
"summary": "RHBZ#2233112",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2233112"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-46751",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46751"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46751",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46751"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/1dj60hg5nr36kjr4p1100dwjrqookps8",
"url": "https://lists.apache.org/thread/1dj60hg5nr36kjr4p1100dwjrqookps8"
}
],
"release_date": "2023-08-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-06T23:30:39+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 2.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7678"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apache-ivy: XML External Entity vulnerability"
},
{
"cve": "CVE-2023-2976",
"cwe": {
"id": "CWE-552",
"name": "Files or Directories Accessible to External Parties"
},
"discovery_date": "2023-06-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2215229"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Guava. The methodology for temporary directories and files can allow other local users or apps with accordant permissions to access the temp files, possibly leading to information exposure or tampering in the files created in the directory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "guava: insecure temporary directory creation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Single Sign-On 7 ships the affected component as a layered product of Red Hat JBoss Enterprise Application 7, and as such is affected by this flaw. However, Single Sign-On 7 does not use the affected code and is not vulnerable to exploit.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-2976"
},
{
"category": "external",
"summary": "RHBZ#2215229",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976"
}
],
"release_date": "2023-06-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-06T23:30:39+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 2.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7678"
},
{
"category": "workaround",
"details": "Temp files should be created with sufficiently non-predictable names and in a secure-permissioned, dedicated temp folder.",
"product_ids": [
"Red Hat AMQ Streams 2.6.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "guava: insecure temporary directory creation"
},
{
"cve": "CVE-2023-5072",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-10-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2246417"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the org.json package. A bug in the parser exists, and an input string may lead to undefined usage of memory, leading to an out-of-memory error, causing a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JSON-java: parser confusion leads to OOM",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability may cause denial of service with a small string input, causing the server to be unresponsive easily, hence the Important impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-5072"
},
{
"category": "external",
"summary": "RHBZ#2246417",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246417"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-5072",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5072"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-5072",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5072"
},
{
"category": "external",
"summary": "https://github.com/stleary/JSON-java/issues/758",
"url": "https://github.com/stleary/JSON-java/issues/758"
},
{
"category": "external",
"summary": "https://github.com/stleary/JSON-java/issues/771",
"url": "https://github.com/stleary/JSON-java/issues/771"
}
],
"release_date": "2023-10-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-06T23:30:39+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 2.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7678"
},
{
"category": "workaround",
"details": "No current mitigation is available for this flaw.",
"product_ids": [
"Red Hat AMQ Streams 2.6.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "JSON-java: parser confusion leads to OOM"
},
{
"cve": "CVE-2023-20873",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2023-04-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2231491"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Spring Boot. This targets specifically \u0027spring-boot-actuator-autoconfigure\u0027 package. This issue occurs when an application is deployed to Cloud Foundry, which could be susceptible to a security bypass.\r\n\r\nSpecifically, an application is vulnerable when all of the following are true:\r\n\r\n * You have code that can handle requests that match /cloudfoundryapplication/**. Typically, this will be if there is a catch-all request mapping which matches /**.\r\n * The application is deployed to Cloud Foundry.\r\n\r\nAn application is not vulnerable if any of the following is true:\r\n\r\n * The application is not deployed to Cloud Foundry\r\n * You have disabled Cloud Foundry actuator endpoints with management.cloudfoundry.enabled set to false.\r\n * Your application does not have handler mappings that can handle requests to /cloudfoundryapplication/**.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "spring-boot: Security Bypass With Wildcard Pattern Matching on Cloud Foundry",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The following Red Hat products do not ship the affected software component and so are not affected:\n\n * Red Hat Enterprise Linux 8, 9\n * Enterprise Application Platform 6, 7, 8, XP\n * Data Grid 7, 8\n * Migration Toolkit for Runtimes\n * Red Hat Build of OptaPlanner\n * Red Hat Integration Camel-K\n * Red Hat AMQ Broker 7\n * Red Hat AMQ Clients 2\n * Red Hat AMQ Streams 2\n * Red Hat Fuse 6\n * Red Hat Fuse 7\n * Red Hat VertX 4\n\nThe following Red Hat products ship the affected software but do not enable or do not ship the vulnerable classes, and so are affected but at Low security impact.\n\n * Red Hat Decision Manager 7\n * Red Hat Process Automation Manager 7\n * Red Hat Single Sign-On 7",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-20873"
},
{
"category": "external",
"summary": "RHBZ#2231491",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2231491"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-20873",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20873"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-20873",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20873"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-g5h3-w546-pj7f",
"url": "https://github.com/advisories/GHSA-g5h3-w546-pj7f"
},
{
"category": "external",
"summary": "https://spring.io/security/cve-2023-20873/",
"url": "https://spring.io/security/cve-2023-20873/"
}
],
"release_date": "2023-05-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-06T23:30:39+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 2.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7678"
},
{
"category": "workaround",
"details": "Disable Cloud Foundry actuator endpoints by setting \u0027management.cloudfoundry.enabled\u0027 to false.",
"product_ids": [
"Red Hat AMQ Streams 2.6.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "spring-boot: Security Bypass With Wildcard Pattern Matching on Cloud Foundry"
},
{
"cve": "CVE-2023-31582",
"cwe": {
"id": "CWE-331",
"name": "Insufficient Entropy"
},
"discovery_date": "2023-10-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2246370"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jose4J which allows a malicious user or internal person to erroneously set a low iteration count of 1000 or less to secure the Json Web Token. This could apply to lack of entropy and leave the system less secure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jose4j: Insecure iteration count setting",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw would require manually setting of the number of iterations under 1000 for Json Web Encryption, therefore, a malicious user would need previous access to modify it. Also, a user would still be able to set the variable incorrectly and make the environment less secure for JWE. This is currently rated as a moderate impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-31582"
},
{
"category": "external",
"summary": "RHBZ#2246370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246370"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-31582",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31582"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-31582",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31582"
},
{
"category": "external",
"summary": "https://bitbucket.org/b_c/jose4j/issues/203/insecure-support-of-setting-pbe-less-then",
"url": "https://bitbucket.org/b_c/jose4j/issues/203/insecure-support-of-setting-pbe-less-then"
},
{
"category": "external",
"summary": "https://github.com/KANIXB/JWTIssues/blob/main/jose4j%20issue.md",
"url": "https://github.com/KANIXB/JWTIssues/blob/main/jose4j%20issue.md"
}
],
"release_date": "2023-10-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-06T23:30:39+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 2.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7678"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this flaw.",
"product_ids": [
"Red Hat AMQ Streams 2.6.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jose4j: Insecure iteration count setting"
},
{
"cve": "CVE-2023-33201",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2023-06-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2215465"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Bouncy Castle 1.73. This issue targets the fix of LDAP wild cards. Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wild card may lead to information disclosure. This could allow a malicious user to obtain unauthorized information via blind LDAP Injection, exploring the environment and enumerating data. The exploit depends on the structure of the target LDAP directory as well as what kind of errors are exposed to the user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bouncycastle: potential blind LDAP injection attack using a self-signed certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-33201"
},
{
"category": "external",
"summary": "RHBZ#2215465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215465"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-33201",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33201"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201"
},
{
"category": "external",
"summary": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201",
"url": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201"
}
],
"release_date": "2023-06-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-06T23:30:39+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 2.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7678"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bouncycastle: potential blind LDAP injection attack using a self-signed certificate"
},
{
"cve": "CVE-2023-40167",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"discovery_date": "2023-09-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2239634"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jetty that permits a plus sign (+) preceding the content-length value in an HTTP/1 header field, which is non-standard and more permissive than the RFC. This issue could allow an attacker to perform request smuggling in conjunction with a server that does not close connections after 400 responses.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: Improper validation of HTTP/1 content-length",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-40167"
},
{
"category": "external",
"summary": "RHBZ#2239634",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239634"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-40167",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40167"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40167",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40167"
},
{
"category": "external",
"summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-hmr7-m48g-48f6",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-hmr7-m48g-48f6"
},
{
"category": "external",
"summary": "https://www.rfc-editor.org/rfc/rfc9110#section-8.6",
"url": "https://www.rfc-editor.org/rfc/rfc9110#section-8.6"
}
],
"release_date": "2023-09-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-06T23:30:39+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 2.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7678"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jetty: Improper validation of HTTP/1 content-length"
},
{
"cve": "CVE-2023-41080",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"discovery_date": "2023-08-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2235370"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat if the default web application is configured with FormAuthenticator. This issue allows a specially crafted URL to trigger a redirect to an arbitrary URL.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Open Redirect vulnerability in FORM authentication",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The pki-servlet-engine package has been obsoleted by the Tomcat package. Therefore, this issue will be fixed in the Tomcat package rather than the pki-servlet-engine package. Please follow the RHEL Tomcat trackers instead for the updates.\n\nRed Hat Satellite is not directly impacted by this issue, since it does not embed the dependency on their offer deliveries. However, end users of Red Hat Satellite are using Tomcat via RHEL channels, which provides the Tomcat dependency needed by candlepin to function in Satellite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-41080"
},
{
"category": "external",
"summary": "RHBZ#2235370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235370"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-41080",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41080"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-41080",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41080"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f",
"url": "https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f"
}
],
"release_date": "2023-08-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-06T23:30:39+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 2.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7678"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Open Redirect vulnerability in FORM authentication"
},
{
"cve": "CVE-2023-42445",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2023-10-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242538"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Gradle. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack (OOB-XXE), parsing XML can lead to the exfiltration of local text files to a remote server. In most cases, Gradle parses XML files it generated, or that were already present locally. Only Ivy XML descriptors and Maven POM files can be fetched from remote repositories and parsed by Gradle.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gradle: Possible local text file exfiltration by XML External entity injection",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42445"
},
{
"category": "external",
"summary": "RHBZ#2242538",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242538"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42445",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42445"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42445",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42445"
},
{
"category": "external",
"summary": "https://github.com/gradle/gradle/security/advisories/GHSA-mrff-q8qj-xvg8",
"url": "https://github.com/gradle/gradle/security/advisories/GHSA-mrff-q8qj-xvg8"
}
],
"release_date": "2023-10-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-06T23:30:39+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 2.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7678"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "gradle: Possible local text file exfiltration by XML External entity injection"
},
{
"cve": "CVE-2023-44387",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"discovery_date": "2023-10-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242485"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Gradle. When copying files or creating archives, Gradle does not preserve symbolic links, instead resolving them to their underlying target file, but permissions of the new file use those of the link instead of those from the target file. This issue can lead to files with broader permissions than intended, as symbolic links are usually world-readable and writeable.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gradle: Incorrect permission assignment for symlinked files used in copy or archiving operations",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44387"
},
{
"category": "external",
"summary": "RHBZ#2242485",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242485"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44387",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44387"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44387",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44387"
},
{
"category": "external",
"summary": "https://github.com/gradle/gradle/security/advisories/GHSA-43r3-pqhv-f7h9",
"url": "https://github.com/gradle/gradle/security/advisories/GHSA-43r3-pqhv-f7h9"
}
],
"release_date": "2023-10-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-06T23:30:39+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 2.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7678"
},
{
"category": "workaround",
"details": "User should follow the documentation to explicitly set permissions when copying or create archives: https://docs.gradle.org/current/userguide/working_with_files.html#sec:setting_file_permissions",
"product_ids": [
"Red Hat AMQ Streams 2.6.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.2,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "gradle: Incorrect permission assignment for symlinked files used in copy or archiving operations"
},
{
"cve": "CVE-2023-44981",
"cwe": {
"id": "CWE-639",
"name": "Authorization Bypass Through User-Controlled Key"
},
"discovery_date": "2023-10-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243436"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache ZooKeeper. Authorization bypass through user-controlled key is available iff SASL Quorum Peer authentication is enabled in ZooKeeper via quorum.auth.enableSasl=true configuration. A malicious user could bypass the authentication controller by using a non-existing instance part in SASL authentication ID (which is optional), therefore, the server would skip this check and as a result, join the cluster and propagate information with complete read and write access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "zookeeper: Authorization Bypass in Apache ZooKeeper",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat AMQ 7 Broker and Red Hat AMQ Streams 2 use Zookeeper but do not use or enable the vulnerable functionality, Peer Authentication. They are affected at Moderate Impact by this flaw.\n\nRed Hat Fuse 7 uses Zookeeper but does not use any of its server capabilities and as such is not vulnerable, and so is affected at Low Impact by this flaw.\n\nRed Hat Process Automation Manager 7 and Red Hat Decision Manager 7 do not ship zookeeper, and so are not affected by this flaw.\n\nRed Hat Fuse 6 and AMQ 6 use Zookeeper but are not vulnerable to this flaw, and have been assessed as Important Impact and are as such out of security support scope for this flaw.\n\nRed Hat Business Process Manager Suite 6, Red Hat Business Rules Management Suite 6, Red Hat JBoss Data Virtualization 6, Red Hat OpenShift Application Runtime Vert-x, and Red Hat Fuse Service Works 6 are out of security support scope for this flaw.\n\nAs no Red Hat products are affected at Critical Impact by this flaw, its overall impact has been reduced to Important.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44981"
},
{
"category": "external",
"summary": "RHBZ#2243436",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243436"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44981",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44981"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44981",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44981"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/wf0yrk84dg1942z1o74kd8nycg6pgm5b",
"url": "https://lists.apache.org/thread/wf0yrk84dg1942z1o74kd8nycg6pgm5b"
}
],
"release_date": "2023-10-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-06T23:30:39+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 2.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7678"
},
{
"category": "workaround",
"details": "According to Apache\u0027s document: Ensure the ensemble election/quorum communication is protected by a firewall as this will mitigate the issue.",
"product_ids": [
"Red Hat AMQ Streams 2.6.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "zookeeper: Authorization Bypass in Apache ZooKeeper"
}
]
}
RHSA-2024:0278
Vulnerability from csaf_redhat - Published: 2024-01-17 13:23 - Updated: 2026-03-26 12:06
A flaw was found in Bouncy Castle 1.73. This issue targets the fix of LDAP wild cards. Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wild card may lead to information disclosure. This could allow a malicious user to obtain unauthorized information via blind LDAP Injection, exploring the environment and enumerating data. The exploit depends on the structure of the target LDAP directory as well as what kind of errors are exposed to the user.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| AMQ Broker 7.11.5 (Red Hat / Red Hat JBoss AMQ) | cpe:/a:redhat:amq_broker:7.11 | — | Vendor Fix (fix) |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat AMQ Broker 7.11.5 is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms.\n\nThis release of Red Hat AMQ Broker 7.11.5 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* (CVE-2023-33201) bouncycastle: potential blind LDAP injection attack using a self-signed certificate\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:0278",
"url": "https://access.redhat.com/errata/RHSA-2024:0278"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.broker\u0026version=7.11.5",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.broker\u0026version=7.11.5"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_amq_broker/7.11",
"url": "https://access.redhat.com/documentation/en-us/red_hat_amq_broker/7.11"
},
{
"category": "external",
"summary": "2215465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215465"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0278.json"
}
],
"title": "Red Hat Security Advisory: Red Hat AMQ Broker 7.11.5 release and security update",
"tracking": {
"current_release_date": "2026-03-26T12:06:55+00:00",
"generator": {
"date": "2026-03-26T12:06:55+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.4"
}
},
"id": "RHSA-2024:0278",
"initial_release_date": "2024-01-17T13:23:10+00:00",
"revision_history": [
{
"date": "2024-01-17T13:23:10+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-01-17T13:23:10+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-26T12:06:55+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "AMQ Broker 7.11.5",
"product": {
"name": "AMQ Broker 7.11.5",
"product_id": "AMQ Broker 7.11.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:amq_broker:7.11"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss AMQ"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-33201",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2023-06-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2215465"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Bouncy Castle 1.73. This issue targets the fix of LDAP wild cards. Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wild card may lead to information disclosure. This could allow a malicious user to obtain unauthorized information via blind LDAP Injection, exploring the environment and enumerating data. The exploit depends on the structure of the target LDAP directory as well as what kind of errors are exposed to the user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bouncycastle: potential blind LDAP injection attack using a self-signed certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AMQ Broker 7.11.5"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-33201"
},
{
"category": "external",
"summary": "RHBZ#2215465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215465"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-33201",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33201"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201"
},
{
"category": "external",
"summary": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201",
"url": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201"
}
],
"release_date": "2023-06-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-01-17T13:23:10+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"AMQ Broker 7.11.5"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0278"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AMQ Broker 7.11.5"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bouncycastle: potential blind LDAP injection attack using a self-signed certificate"
}
]
}
RHSA-2024:1353
Vulnerability from csaf_redhat - Published: 2024-03-18 09:47 - Updated: 2026-05-16 23:26
A flaw was found in the SnakeYaml package. This flaw allows an attacker to benefit from remote code execution by sending malicious YAML content and this content being deserialized by the constructor. Deserialization is unsafe and leads to Remote Code Execution (RCE).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| RHPAM 7.13.5 async (Red Hat / Red Hat Process Automation Manager) | cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13 | — | Vendor Fix (fix) |
A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| RHPAM 7.13.5 async (Red Hat / Red Hat Process Automation Manager) | cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13 | — | Vendor Fix (fix) |
A flaw was found in the xstream package. This flaw allows an attacker to cause a denial of service by injecting recursive collections or maps, raising a stack overflow.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| RHPAM 7.13.5 async (Red Hat / Red Hat Process Automation Manager) | cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13 | — | Vendor Fix (fix) |
A flaw was found in Apache Batik 1.0 - 1.16. This issue occurs due to a malicious SVG triggering external resources loading by default, causing resource consumption or in some cases information disclosure.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| RHPAM 7.13.5 async (Red Hat / Red Hat Process Automation Manager) | cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13 | — | Vendor Fix (fix) |
A flaw was found in Apache Batik, where a malicious SVG can probe user profile data and send it directly as parameter to a URL. This issue can allow an attacker to conduct SSRF attacks.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| RHPAM 7.13.5 async (Red Hat / Red Hat Process Automation Manager) | cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13 | — | Vendor Fix (fix) |
In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| RHPAM 7.13.5 async (Red Hat / Red Hat Process Automation Manager) | cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13 | — | Vendor Fix (fix) |
A flaw was found in SquareUp Okio. A class GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This issue may allow a malicious user to start processing a malformed file, which can result in a Denial of Service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| RHPAM 7.13.5 async (Red Hat / Red Hat Process Automation Manager) | cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13 | — | Vendor Fix (fix) |
A flaw was found in the org.json package. A bug in the parser exists, and an input string may lead to undefined usage of memory, leading to an out-of-memory error, causing a denial of service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| RHPAM 7.13.5 async (Red Hat / Red Hat Process Automation Manager) | cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13 | — | Vendor Fix (fix), Workaround |
A flaw was found in the logback package. Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') via the logback receiver component. This flaw allows an attacker to mount a denial-of-service attack by sending poisoned data.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| RHPAM 7.13.5 async (Red Hat / Red Hat Process Automation Manager) | cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13 | — | Vendor Fix (fix), Workaround |
A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs (ACS), posing a Cross-Site Scripting (XSS) risk. This issue may allow a malicious admin in one realm or a client with registration access to target users in different realms or applications, executing arbitrary JavaScript in their contexts upon form submission. This can enable unauthorized access and harmful actions, compromising the confidentiality, integrity, and availability of the complete KC instance.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| RHPAM 7.13.5 async (Red Hat / Red Hat Process Automation Manager) | cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13 | — | Vendor Fix (fix) |
A flaw was found in Bouncy Castle 1.73. This issue targets the fix of LDAP wild cards. Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wild card may lead to information disclosure. This could allow a malicious user to obtain unauthorized information via blind LDAP Injection, exploring the environment and enumerating data. The exploit depends on the structure of the target LDAP directory as well as what kind of errors are exposed to the user.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| RHPAM 7.13.5 async (Red Hat / Red Hat Process Automation Manager) | cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13 | — | Vendor Fix (fix) |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat Process Automation Manager.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which provides a detailed severity rating, is available for each vulnerability from the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.\n\nThis asynchronous security patch is an update to Red Hat Process Automation Manager 7.\n\nSecurity Fixes:\n\n* JSON-java: parser confusion leads to OOM (CVE-2023-5072)\n\n* okio: GzipSource class improper exception handling (CVE-2023-3635)\n\n* xstream: Denial of Service by injecting recursive collections or maps based on element\u0027s hash values raising a stack overflow (CVE-2022-41966)\n\n* batik: Server-Side Request Forgery vulnerability (CVE-2022-44729)\n\n* batik: Server-Side Request Forgery vulnerability (CVE-2022-44730)\n\n* bouncycastle: potential blind LDAP injection attack using a self-signed certificate (CVE-2023-33201)\n\n* xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40151)\n\n* RESTEasy: creation of insecure temp files (CVE-2023-0482)\n\n* snakeyaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)\n\nFor more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:1353",
"url": "https://access.redhat.com/errata/RHSA-2024:1353"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2134292",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134292"
},
{
"category": "external",
"summary": "2150009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150009"
},
{
"category": "external",
"summary": "2166004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166004"
},
{
"category": "external",
"summary": "2170431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170431"
},
{
"category": "external",
"summary": "2215465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215465"
},
{
"category": "external",
"summary": "2229295",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2229295"
},
{
"category": "external",
"summary": "2233889",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2233889"
},
{
"category": "external",
"summary": "2233899",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2233899"
},
{
"category": "external",
"summary": "2246417",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246417"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1353.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Process Automation Manager 7.13.5 security update",
"tracking": {
"current_release_date": "2026-05-16T23:26:23+00:00",
"generator": {
"date": "2026-05-16T23:26:23+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2024:1353",
"initial_release_date": "2024-03-18T09:47:51+00:00",
"revision_history": [
{
"date": "2024-03-18T09:47:51+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-03-18T09:47:51+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-16T23:26:23+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHPAM 7.13.5 async",
"product": {
"name": "RHPAM 7.13.5 async",
"product_id": "RHPAM 7.13.5 async",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13"
}
}
}
],
"category": "product_family",
"name": "Red Hat Process Automation Manager"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-1471",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-12-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2150009"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the SnakeYaml package. This flaw allows an attacker to benefit from remote code execution by sending malicious YAML content and this content being deserialized by the constructor. Deserialization is unsafe and leads to Remote Code Execution (RCE).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "SnakeYaml: Constructor Deserialization Remote Code Execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In the Red Hat Process Automation 7 (RHPAM) the untrusted, malicious YAML file for deserialization by the vulnerable Snakeyaml\u0027s SafeConstructor class must be provided intentionally by the RHPAM user which requires high privileges. The potential attack complexity is also high because it depends on conditions that are beyond the attacker\u0027s control. Due to that the impact for RHPAM is reduced to Low.\n\nRed Hat Fuse 7 does not expose by default any endpoint that passes incoming data/request into vulnerable Snakeyaml\u0027s Constructor class nor pass untrusted data to this class. When this class is used, it\u2019s still only used to parse internal configuration, hence the impact by this vulnerability to Red Hat Fuse 7 is reduced to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.5 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1471"
},
{
"category": "external",
"summary": "RHBZ#2150009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150009"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1471",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1471"
},
{
"category": "external",
"summary": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2",
"url": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2"
}
],
"release_date": "2022-10-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-03-18T09:47:51+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.5 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1353"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.5 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "SnakeYaml: Constructor Deserialization Remote Code Execution"
},
{
"cve": "CVE-2022-40151",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2134292"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.5 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40151"
},
{
"category": "external",
"summary": "RHBZ#2134292",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134292"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40151",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40151"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40151",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40151"
}
],
"release_date": "2022-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-03-18T09:47:51+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.5 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1353"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.5 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks"
},
{
"cve": "CVE-2022-41966",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-02-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2170431"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the xstream package. This flaw allows an attacker to cause a denial of service by injecting recursive collections or maps, raising a stack overflow.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xstream: Denial of Service by injecting recursive collections or maps based on element\u0027s hash values raising a stack overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Fuse 7 ships an affected version of XStream. No endpoint in any flavor of Fuse is accepting by default an unverified input stream passed directly to XStream unmarshaller. Documentation always recommend all the endpoints (TCP/UDP/HTTP(S)/other listeners) to have at least one layer of authentication/authorization and Fuse in general itself in particular has a lot of mechanisms to protect the endpoints.\n\nRed Hat Single Sign-On contains XStream as a transitive dependency from Infinispan and the same is not affected as NO_REFERENCE is in use.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.5 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41966"
},
{
"category": "external",
"summary": "RHBZ#2170431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41966",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41966"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41966",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41966"
},
{
"category": "external",
"summary": "https://github.com/x-stream/xstream/security/advisories/GHSA-j563-grx4-pjpv",
"url": "https://github.com/x-stream/xstream/security/advisories/GHSA-j563-grx4-pjpv"
}
],
"release_date": "2022-12-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-03-18T09:47:51+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.5 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1353"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.5 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "xstream: Denial of Service by injecting recursive collections or maps based on element\u0027s hash values raising a stack overflow"
},
{
"cve": "CVE-2022-44729",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2023-08-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2233889"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Batik 1.0 - 1.16. This issue occurs due to a malicious SVG triggering external resources loading by default, causing resource consumption or in some cases information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "batik: Server-Side Request Forgery vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.5 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-44729"
},
{
"category": "external",
"summary": "RHBZ#2233889",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2233889"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-44729",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-44729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-44729"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-gq5f-xv48-2365",
"url": "https://github.com/advisories/GHSA-gq5f-xv48-2365"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/hco2nw1typoorz33qzs0fcdx0ws6d6j2",
"url": "https://lists.apache.org/thread/hco2nw1typoorz33qzs0fcdx0ws6d6j2"
}
],
"release_date": "2023-08-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-03-18T09:47:51+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.5 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1353"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"RHPAM 7.13.5 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "batik: Server-Side Request Forgery vulnerability"
},
{
"cve": "CVE-2022-44730",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2023-08-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2233899"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Batik, where a malicious SVG can probe user profile data and send it directly as parameter to a URL. This issue can allow an attacker to conduct SSRF attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "batik: Server-Side Request Forgery vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.5 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-44730"
},
{
"category": "external",
"summary": "RHBZ#2233899",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2233899"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-44730",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44730"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-44730",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-44730"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-2474-2566-3qxp",
"url": "https://github.com/advisories/GHSA-2474-2566-3qxp"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/58m5817jr059f4v1zogh0fngj9pwjyj0",
"url": "https://lists.apache.org/thread/58m5817jr059f4v1zogh0fngj9pwjyj0"
}
],
"release_date": "2023-08-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-03-18T09:47:51+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.5 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1353"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"RHPAM 7.13.5 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "batik: Server-Side Request Forgery vulnerability"
},
{
"cve": "CVE-2023-0482",
"cwe": {
"id": "CWE-378",
"name": "Creation of Temporary File With Insecure Permissions"
},
"discovery_date": "2023-01-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2166004"
}
],
"notes": [
{
"category": "description",
"text": "In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RESTEasy: creation of insecure temp files",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.5 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-0482"
},
{
"category": "external",
"summary": "RHBZ#2166004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166004"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-0482",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0482"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0482",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0482"
}
],
"release_date": "2023-01-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-03-18T09:47:51+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.5 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1353"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"RHPAM 7.13.5 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "RESTEasy: creation of insecure temp files"
},
{
"cve": "CVE-2023-3635",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"discovery_date": "2023-07-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2229295"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in SquareUp Okio. A class GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This issue may allow a malicious user to start processing a malformed file, which can result in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "okio: GzipSource class improper exception handling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat JBoss Enterprise Application Platform XP does contain Okio package but is not using GzipSource.java, which is the affected class.\nRed Hat support for Spring Boot is considered low impact as it\u0027s used by Dekorate during compilation process and not included in the resulting Jar.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.5 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-3635"
},
{
"category": "external",
"summary": "RHBZ#2229295",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2229295"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-3635",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-3635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3635"
}
],
"release_date": "2023-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-03-18T09:47:51+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.5 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1353"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.5 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "okio: GzipSource class improper exception handling"
},
{
"cve": "CVE-2023-5072",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-10-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2246417"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the org.json package. A bug in the parser exists, and an input string may lead to undefined usage of memory, leading to an out-of-memory error, causing a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JSON-java: parser confusion leads to OOM",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability may cause denial of service with a small string input, causing the server to be unresponsive easily, hence the Important impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.5 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-5072"
},
{
"category": "external",
"summary": "RHBZ#2246417",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246417"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-5072",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5072"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-5072",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5072"
},
{
"category": "external",
"summary": "https://github.com/stleary/JSON-java/issues/758",
"url": "https://github.com/stleary/JSON-java/issues/758"
},
{
"category": "external",
"summary": "https://github.com/stleary/JSON-java/issues/771",
"url": "https://github.com/stleary/JSON-java/issues/771"
}
],
"release_date": "2023-10-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-03-18T09:47:51+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.5 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1353"
},
{
"category": "workaround",
"details": "No current mitigation is available for this flaw.",
"product_ids": [
"RHPAM 7.13.5 async"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.5 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "JSON-java: parser confusion leads to OOM"
},
{
"cve": "CVE-2023-6481",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-12-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2252956"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the logback package. Affected versions of this package are vulnerable to Uncontrolled Resource Consumption (\u0027Resource Exhaustion\u0027) via the logback receiver component. This flaw allows an attacker to mount a denial-of-service attack by sending poisoned data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "logback: A serialization vulnerability in logback receiver",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The security vulnerability in the logback package is considered of moderate severity due to its potential for facilitating a denial-of-service (DoS) attack. While a DoS attack can disrupt service availability, this vulnerability may not lead to more severe consequences such as unauthorized access or data breaches.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.5 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-6481"
},
{
"category": "external",
"summary": "RHBZ#2252956",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252956"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-6481",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6481"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6481",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6481"
}
],
"release_date": "2023-12-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-03-18T09:47:51+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.5 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1353"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"RHPAM 7.13.5 async"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.5 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "logback: A serialization vulnerability in logback receiver"
},
{
"cve": "CVE-2023-6717",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2023-12-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2253952"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs (ACS), posing a Cross-Site Scripting (XSS) risk. This issue may allow a malicious admin in one realm or a client with registration access to target users in different realms or applications, executing arbitrary JavaScript in their contexts upon form submission. This can enable unauthorized access and harmful actions, compromising the confidentiality, integrity, and availability of the complete KC instance.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: XSS via assertion consumer service URL in SAML POST-binding flow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.5 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-6717"
},
{
"category": "external",
"summary": "RHBZ#2253952",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253952"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-6717",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6717"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6717"
}
],
"release_date": "2024-04-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-03-18T09:47:51+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.5 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1353"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"RHPAM 7.13.5 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: XSS via assertion consumer service URL in SAML POST-binding flow"
},
{
"cve": "CVE-2023-33201",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2023-06-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2215465"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Bouncy Castle 1.73. This issue targets the fix of LDAP wild cards. Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wild card may lead to information disclosure. This could allow a malicious user to obtain unauthorized information via blind LDAP Injection, exploring the environment and enumerating data. The exploit depends on the structure of the target LDAP directory as well as what kind of errors are exposed to the user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bouncycastle: potential blind LDAP injection attack using a self-signed certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.5 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-33201"
},
{
"category": "external",
"summary": "RHBZ#2215465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215465"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-33201",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33201"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201"
},
{
"category": "external",
"summary": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201",
"url": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201"
}
],
"release_date": "2023-06-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-03-18T09:47:51+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.5 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1353"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"RHPAM 7.13.5 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bouncycastle: potential blind LDAP injection attack using a self-signed certificate"
}
]
}
RHSA-2024:3527
Vulnerability from csaf_redhat - Published: 2024-05-30 20:24 - Updated: 2026-05-16 16:46

There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat AMQ Streams 2.7.0 (Red Hat / Streams for Apache Kafka) | cpe:/a:redhat:amq_streams:2 | — | Vendor Fix |
A flaw was found in zstd. While the final file mode reflects that of the input file, the file can temporarily gain greater permissions than the input while it is being compressed or uncompressed, potentially leading to security issues (especially if large files are being handled).

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat AMQ Streams 2.7.0 (Red Hat / Streams for Apache Kafka) | cpe:/a:redhat:amq_streams:2 | — | Vendor Fix |
A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields cause objects to be converted back and forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat AMQ Streams 2.7.0 (Red Hat / Streams for Apache Kafka) | cpe:/a:redhat:amq_streams:2 | — | Vendor Fix |
A vulnerability was found in zstd. This flaw allows an attacker to supply an empty string as an argument to the command line tool to cause a buffer overrun.

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat AMQ Streams 2.7.0 (Red Hat / Streams for Apache Kafka) | cpe:/a:redhat:amq_streams:2 | — | Vendor Fix |
A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code execution (RCE) and unintentional contact with untrusted remote servers.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat AMQ Streams 2.7.0 (Red Hat / Streams for Apache Kafka) | cpe:/a:redhat:amq_streams:2 | — | Vendor Fix; Workaround |
An out-of-bounds (OOB) write flaw was found in Apache Commons BCEL API. This flaw can be used to produce arbitrary bytecode and may abuse applications that pass attacker-controlled data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat AMQ Streams 2.7.0 (Red Hat / Streams for Apache Kafka) | cpe:/a:redhat:amq_streams:2 | — | Vendor Fix |
A flaw was found in the json-smart package. This security flaw occurs when the parser reaches a '[' or '{' character in the JSON input and parses an array or an object, respectively. The third-party package (3PP) places no limit on the nesting depth of such arrays or objects. Since nested arrays and objects are parsed recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat AMQ Streams 2.7.0 (Red Hat / Streams for Apache Kafka) | cpe:/a:redhat:amq_streams:2 | — | Vendor Fix |
A flaw was found in Guava. The methodology for temporary directories and files can allow other local users or apps with accordant permissions to access the temp files, possibly leading to information exposure or tampering in the files created in the directory.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat AMQ Streams 2.7.0 (Red Hat / Streams for Apache Kafka) | cpe:/a:redhat:amq_streams:2 | — | Vendor Fix; Workaround |
A flaw was found in Bouncy Castle 1.73. This issue targets the fix of LDAP wild cards. Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wild card may lead to information disclosure. This could allow a malicious user to obtain unauthorized information via blind LDAP Injection, exploring the environment and enumerating data. The exploit depends on the structure of the target LDAP directory as well as what kind of errors are exposed to the user.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat AMQ Streams 2.7.0 (Red Hat / Streams for Apache Kafka) | cpe:/a:redhat:amq_streams:2 | — | Vendor Fix |
A flaw was found in Bouncy Castle for the Java pkix module, which is vulnerable to a potential Denial of Service (DoS) issue within the org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat AMQ Streams 2.7.0 (Red Hat / Streams for Apache Kafka) | cpe:/a:redhat:amq_streams:2 | — | Vendor Fix; Workaround |
A flaw was found in SnappyInputStream in snappy-java, a data compression library in Java. This issue occurs when decompressing data with a too-large chunk size due to a missing upper bound check on chunk length. An unrecoverable fatal error can occur, resulting in a Denial of Service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat AMQ Streams 2.7.0 (Red Hat / Streams for Apache Kafka) | cpe:/a:redhat:amq_streams:2 | — | Vendor Fix |
A stack overflow vulnerability was found in the Criteria.parse() method in json-path. This issue occurs due to an uncontrolled recursion caused by specially crafted input, leading to a stack overflow. This vulnerability has the potential to trigger a crash, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat AMQ Streams 2.7.0 (Red Hat / Streams for Apache Kafka) | cpe:/a:redhat:amq_streams:2 | — | Vendor Fix |
A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to the use of Netty FastThreadLocal data structures. Specifically, the leak is triggered when the Vert.x HTTP client establishes connections to different hosts. The leak can be accelerated with intimate runtime knowledge, allowing an attacker to exploit this vulnerability. For instance, a server accepting arbitrary internet addresses could serve as an attack vector by connecting to these addresses, thereby accelerating the memory leak.

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat AMQ Streams 2.7.0 (Red Hat / Streams for Apache Kafka) | cpe:/a:redhat:amq_streams:2 | — | Vendor Fix; Workaround |
A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading to memory exhaustion. This flaw allows attackers to send TLS client hello messages with fake server names, triggering a JVM out-of-memory error.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat AMQ Streams 2.7.0 (Red Hat / Streams for Apache Kafka) | cpe:/a:redhat:amq_streams:2 | — | Vendor Fix; Workaround |
A vulnerability was found in the quarkus-core component. Quarkus captures local environment variables from the Quarkus namespace during the application's build, therefore, running the resulting application inherits the values captured at build time. Some local environment variables may have been set by the developer or CI environment for testing purposes, such as dropping the database during application startup or trusting all TLS certificates to accept self-signed certificates. If these properties are configured using environment variables or the .env facility, they are captured into the built application, which can lead to dangerous behavior if the application does not override these values. This behavior only happens for configuration properties from the `quarkus.*` namespace. Application-specific properties are not captured.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat AMQ Streams 2.7.0 (Red Hat / Streams for Apache Kafka) | cpe:/a:redhat:amq_streams:2 | — | Vendor Fix; Workaround |
A loop with an unreachable exit condition (Infinite Loop) vulnerability was found in Apache Commons Compress. This issue can lead to a denial of service.

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat AMQ Streams 2.7.0 (Red Hat / Streams for Apache Kafka) | cpe:/a:redhat:amq_streams:2 | — | Vendor Fix; Workaround |
A flaw was found in the io.netty:netty-codec-http package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling issues due to the accumulation of data in the HttpPostRequestDecoder. The decoder accumulates bytes in the undecodedChunk buffer until it can decode a field, allowing data to accumulate without limits. This flaw allows an attacker to cause a denial of service by sending a chunked POST consisting of many small fields that will be accumulated in the bodyListHttpData list.

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat AMQ Streams 2.7.0 (Red Hat / Streams for Apache Kafka) | cpe:/a:redhat:amq_streams:2 | — | Vendor Fix; Workaround |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat AMQ Streams 2.7.0 is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. \n\nThis release of Red Hat AMQ Streams 2.7.0 serves as a replacement for Red Hat AMQ Streams 2.6.0, and includes security and bug fixes, and enhancements.\n\nSecurity Fix(es):\n\n* lz4: memory corruption due to an integer overflow bug caused by memmove argument (CVE-2021-3520)\n* zstd: Race condition allows attacker to access world-readable destination file (CVE-2021-24032)\n* RocksDB: zstd: mysql: buffer overrun in util.c (CVE-2022-4899)\n* netty-codec-http: Allocation of Resources Without Limits or Throttling (CVE-2024-29025)\n* commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file (CVE-2024-25710)\n* apache-commons-text: variable interpolation RCE (CVE-2022-42889)\n* snappy-java: Missing upper bound check on chunk length in snappy-java can lead to Denial of Service (DoS) impact (CVE-2023-43642)\n* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)\n* protobuf-java: timeout in parser leads to DoS (CVE-2022-3171)\n* Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing (CVE-2022-42920)\n* bc-java: Out of memory while parsing ASN.1 crafted data in org.bouncycastle.openssl.PEMParser class (CVE-2023-33202)\n* bouncycastle: potential blind LDAP injection attack using a self-signed certificate (CVE-2023-33201)\n* json-path: stack-based buffer overflow in Criteria.parse method (CVE-2023-51074)\n* guava: insecure temporary directory creation (CVE-2023-2976)\n* io.vertx:vertx-core: memory leak when a TCP server is configured with TLS and SNI support (CVE-2024-1300)\n* io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures in Vertx (CVE-2024-1023)\n* quarkus-core: Leak of local configuration properties into Quarkus applications (CVE-2024-2700)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:3527",
"url": "https://access.redhat.com/errata/RHSA-2024:3527"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1928090",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928090"
},
{
"category": "external",
"summary": "1954559",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954559"
},
{
"category": "external",
"summary": "2135435",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135435"
},
{
"category": "external",
"summary": "2137645",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137645"
},
{
"category": "external",
"summary": "2142707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142707"
},
{
"category": "external",
"summary": "2179864",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179864"
},
{
"category": "external",
"summary": "2188542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188542"
},
{
"category": "external",
"summary": "2215229",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229"
},
{
"category": "external",
"summary": "2215465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215465"
},
{
"category": "external",
"summary": "2241722",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241722"
},
{
"category": "external",
"summary": "2251281",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251281"
},
{
"category": "external",
"summary": "2256063",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256063"
},
{
"category": "external",
"summary": "2260840",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260840"
},
{
"category": "external",
"summary": "2263139",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263139"
},
{
"category": "external",
"summary": "2264988",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264988"
},
{
"category": "external",
"summary": "2272907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272907"
},
{
"category": "external",
"summary": "2273281",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273281"
},
{
"category": "external",
"summary": "ENTMQST-5619",
"url": "https://issues.redhat.com/browse/ENTMQST-5619"
},
{
"category": "external",
"summary": "ENTMQST-5881",
"url": "https://issues.redhat.com/browse/ENTMQST-5881"
},
{
"category": "external",
"summary": "ENTMQST-5882",
"url": "https://issues.redhat.com/browse/ENTMQST-5882"
},
{
"category": "external",
"summary": "ENTMQST-5883",
"url": "https://issues.redhat.com/browse/ENTMQST-5883"
},
{
"category": "external",
"summary": "ENTMQST-5884",
"url": "https://issues.redhat.com/browse/ENTMQST-5884"
},
{
"category": "external",
"summary": "ENTMQST-5885",
"url": "https://issues.redhat.com/browse/ENTMQST-5885"
},
{
"category": "external",
"summary": "ENTMQST-5886",
"url": "https://issues.redhat.com/browse/ENTMQST-5886"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3527.json"
}
],
"title": "Red Hat Security Advisory: Red Hat AMQ Streams 2.7.0 release and security update",
"tracking": {
"current_release_date": "2026-05-16T16:46:38+00:00",
"generator": {
"date": "2026-05-16T16:46:38+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2024:3527",
"initial_release_date": "2024-05-30T20:24:46+00:00",
"revision_history": [
{
"date": "2024-05-30T20:24:46+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-06-25T17:26:45+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-16T16:46:38+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat AMQ Streams 2.7.0",
"product": {
"name": "Red Hat AMQ Streams 2.7.0",
"product_id": "Red Hat AMQ Streams 2.7.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:amq_streams:2"
}
}
}
],
"category": "product_family",
"name": "Streams for Apache Kafka"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-3520",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2021-03-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1954559"
}
],
"notes": [
{
"category": "description",
"text": "There\u0027s a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "lz4: memory corruption due to an integer overflow bug caused by memmove argument",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is out of support scope for Red Hat Enterprise Linux 7. To learn more about Red Hat Enterprise Linux support life cycles, please see https://access.redhat.com/support/policy/updates/errata .",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.7.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3520"
},
{
"category": "external",
"summary": "RHBZ#1954559",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954559"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3520",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3520"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3520",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3520"
}
],
"release_date": "2021-04-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-30T20:24:46+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat AMQ Streams 2.7.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3527"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.7.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "lz4: memory corruption due to an integer overflow bug caused by memmove argument"
},
{
"cve": "CVE-2021-24032",
"cwe": {
"id": "CWE-281",
"name": "Improper Preservation of Permissions"
},
"discovery_date": "2021-02-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1928090"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in zstd. While the final file mode is reflective of the input file, when compressing or uncompressing, the file can temporarily gain greater permissions than the input and potentially leading to security issues (especially if large files are being handled).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "zstd: Race condition allows attacker to access world-readable destination file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP) the zstd package was delivered in OCP 4.3 which is already end of life.\n\nThis vulnerability can be considered low severity rather than moderate due to the fact that the elevated file permissions are only temporary and only exist during the compression or decompression process. Once the operation completes, the file permissions revert to their intended state, mirroring those of the input file. The risk is further minimized by the fact that the exposure window is brief, and the elevated permissions are not persistent. Additionally, the issue only arises during the processing of files, and only those with larger sizes or more involved operations would be at risk.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.7.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-24032"
},
{
"category": "external",
"summary": "RHBZ#1928090",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928090"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-24032",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-24032"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-24032",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-24032"
}
],
"release_date": "2021-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-30T20:24:46+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat AMQ Streams 2.7.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3527"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.7.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "zstd: Race condition allows attacker to access world-readable destination file"
},
{
"cve": "CVE-2022-3171",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2022-10-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2137645"
}
],
"notes": [
{
"category": "description",
"text": "A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "protobuf-java: timeout in parser leads to DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.7.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-3171"
},
{
"category": "external",
"summary": "RHBZ#2137645",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137645"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3171",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3171"
},
{
"category": "external",
"summary": "https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2",
"url": "https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2"
}
],
"release_date": "2022-10-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-30T20:24:46+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat AMQ Streams 2.7.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3527"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.7.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "protobuf-java: timeout in parser leads to DoS"
},
{
"cve": "CVE-2022-4899",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-01-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2179864"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in zstd. This flaw allows an attacker to supply an empty string as an argument to the command line tool to cause a buffer overrun.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "zstd: mysql: buffer overrun in util.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability in the zstd command-line utility is rated as Moderate Severity because it involves an Incorrect Calculation of Buffer Size (CWE-400) within the mallocAndJoin2Dir function in programs/util.c. A remote attacker can exploit this flaw by providing an input, specifically an empty string, which causes a function boundary error and results in a heap-based Out-of-Bounds Read on memory. This ultimately leads to a program crash, causing a Denial of Service condition that is limited to the specific zstd process or service instance, rather than affecting the entire host system\u0027s stability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.7.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-4899"
},
{
"category": "external",
"summary": "RHBZ#2179864",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179864"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-4899",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4899"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-4899",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4899"
}
],
"release_date": "2022-07-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-30T20:24:46+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat AMQ Streams 2.7.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3527"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.7.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "zstd: mysql: buffer overrun in util.c"
},
{
"cve": "CVE-2022-42889",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2022-10-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135435"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code execution (RCE) and unintentional contact with untrusted remote servers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-commons-text: variable interpolation RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In order to carry successful exploitation of this vulnerability, the following conditions must be in place on the affected target:\n - Usage of specific methods that interpolate the variables as described in the flaw\n - Usage of external input for those methods\n - Usage of that external input has to be unsanitized/no \"allow list\"/etc.\n\nThe following products have *Low* impact because they have maven references to the affected package but do not ship it nor use the code:\n- Red Hat EAP Expansion Pack (EAP-XP)\n- Red Hat Camel-K\n- Red Hat Camel-Quarkus\n\nRed Hat Satellite ships Candlepin that embeds Apache Commons Text, however, it is not vulnerable to the flaw since the library has not been exposed in the product code. In Candlepin, the Commons Text is being pulled for the Liquibase and ActiveMQ Artemis libraries as a dependency. Red Hat Product Security has evaluated and rated the impact of the flaw as Low for Satellite since there was no harm identified to the confidentiality, integrity, or availability of systems.\n\n- The OCP has a *Moderate* impact because the affected library is a third-party library in the OCP jenkins-2-plugin component which reduces the possibilities of successful exploitation.\n- The OCP-4.8 is affected by this CVE and is in an extended life phase. For versions of products in the Extended Life Phase, Red Hat will provide limited ongoing technical support. No bug fixes, security fixes, hardware enablement or root-cause analysis will be available during this phase, and support will be provided on existing installations only.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.7.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42889"
},
{
"category": "external",
"summary": "RHBZ#2135435",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135435"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42889",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42889"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889"
},
{
"category": "external",
"summary": "https://blogs.apache.org/security/entry/cve-2022-42889",
"url": "https://blogs.apache.org/security/entry/cve-2022-42889"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om",
"url": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om"
},
{
"category": "external",
"summary": "https://seclists.org/oss-sec/2022/q4/22",
"url": "https://seclists.org/oss-sec/2022/q4/22"
}
],
"release_date": "2022-10-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-30T20:24:46+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat AMQ Streams 2.7.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3527"
},
{
"category": "workaround",
"details": "This flaw may be avoided by ensuring that any external input used with the Commons Text lookup methods is sanitized properly. Untrusted input should always be thoroughly sanitized before being used in any potentially risky situation.",
"product_ids": [
"Red Hat AMQ Streams 2.7.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.7.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "apache-commons-text: variable interpolation RCE"
},
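The statement above lists the three conditions for exploiting the Commons Text flaw (an interpolating method, external input reaching it, no sanitization or allow list), and the workaround asks for sanitized input. The following Python is an added example written for this page, not Apache Commons Text or Red Hat code: it models the two call patterns with a tiny `${...}` interpolator. The `script` and `dns` lookups are constructed stand-ins that only record that they were reached, and the `ATTACK` string follows the shape of the public proof-of-concept payload for this CVE. The hardened variant applies the workaround as an allow list: the template is developer controlled, only named variables resolve, prefix lookups are never consulted, and untrusted data is substituted as a value that is never re-scanned.

```python
import re

VAR = re.compile(r"\$\{([^}]*)\}")

# Constructed stand-ins for the interpolator's built-in prefix lookups. In the
# real library the dangerous ones evaluate scripts, resolve DNS names or fetch
# URLs; here they only record that they were reached, so the example runs offline.
REACHED = []

def _script_lookup(arg):
    REACHED.append(("script", arg))
    return "<script executed>"

def _dns_lookup(arg):
    REACHED.append(("dns", arg))
    return "<dns resolved>"

DEFAULT_LOOKUPS = {"script": _script_lookup, "dns": _dns_lookup}

def interpolate_unrestricted(text, values, lookups=DEFAULT_LOOKUPS):
    """Vulnerable pattern: attacker-controlled text is used as the template and
    every ${prefix:arg} is dispatched to whichever lookup is registered under
    that prefix. Keys without a known prefix fall back to the plain values map."""
    def resolve(match):
        key = match.group(1)
        prefix, sep, arg = key.partition(":")
        if sep and prefix in lookups:
            return lookups[prefix](arg)
        return values.get(key, match.group(0))
    return VAR.sub(resolve, text)

def interpolate_allowlisted(template, values, allowed):
    """Hardened pattern matching the workaround: the template is developer
    controlled, only allow-listed variable names resolve, prefix lookups are
    never consulted, and untrusted data enters only as a value that is
    substituted verbatim (re.sub does not re-scan replacement text)."""
    def resolve(match):
        key = match.group(1)
        if key not in allowed:
            raise ValueError(f"variable not allowed: {key!r}")
        return str(values[key])
    return VAR.sub(resolve, template)

# Constructed attacker input in the shape of the public proof-of-concept: a
# prefix lookup whose argument the real library would hand to a script engine.
ATTACK = "${script:javascript:java.lang.Runtime.getRuntime().exec('id')}"

def demo():
    REACHED.clear()
    results = {}
    # External input used directly as the template: the lookup is reached.
    results["unrestricted"] = interpolate_unrestricted("Hello " + ATTACK, {})
    results["lookups_reached"] = list(REACHED)
    # Same input passed as a value: inserted literally, never evaluated.
    results["allowlisted_value"] = interpolate_allowlisted(
        "Hello ${user}", {"user": ATTACK}, allowed={"user"})
    # Same input landing in the template position: rejected by the allow list.
    try:
        interpolate_allowlisted("Hello " + ATTACK, {}, allowed={"user"})
        results["allowlisted_template"] = "resolved"
    except ValueError:
        results["allowlisted_template"] = "rejected"
    return results
```

The first result is the failure mode the statement describes: once untrusted text is the template, sanitization of individual values no longer helps, because the lookup dispatch happens on the template itself. Keeping untrusted data on the value side is what makes the allow list effective.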
{
"cve": "CVE-2022-42920",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-11-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2142707"
}
],
"notes": [
{
"category": "description",
"text": "An out-of-bounds (OOB) write flaw was found in the Apache Commons BCEL API. This flaw can be used to produce arbitrary bytecode and may affect applications that pass attacker-controlled data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Fuse 7 ships the code in question but does not utilize it in the product, so it is affected at a reduced impact of Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.7.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42920"
},
{
"category": "external",
"summary": "RHBZ#2142707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142707"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42920",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42920"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42920",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42920"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4",
"url": "https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4"
}
],
"release_date": "2022-11-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-30T20:24:46+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat AMQ Streams 2.7.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3527"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.7.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing"
},
{
"cve": "CVE-2023-1370",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2023-04-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2188542"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the json-smart package. When the parser reaches a \u2018[\u2019 or \u2018{\u2019 character in the JSON input, it parses an array or an object, respectively. The library does not limit the nesting depth of such arrays or objects. Since nested arrays and objects are parsed recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.7.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1370"
},
{
"category": "external",
"summary": "RHBZ#2188542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188542"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1370",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1370"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-493p-pfq6-5258",
"url": "https://github.com/advisories/GHSA-493p-pfq6-5258"
},
{
"category": "external",
"summary": "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/",
"url": "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/"
}
],
"release_date": "2023-03-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-30T20:24:46+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat AMQ Streams 2.7.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3527"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.7.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)"
},
{
"cve": "CVE-2023-2976",
"cwe": {
"id": "CWE-552",
"name": "Files or Directories Accessible to External Parties"
},
"discovery_date": "2023-06-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2215229"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Guava. The way temporary directories and files are created can allow other local users or applications with the corresponding permissions to access the temporary files, possibly leading to information exposure or tampering with the files created in the directory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "guava: insecure temporary directory creation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Single Sign-On 7 ships the affected component as a layered product of Red Hat JBoss Enterprise Application Platform 7, and as such is affected by this flaw. However, Single Sign-On 7 does not use the affected code and is not vulnerable to exploitation.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.7.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-2976"
},
{
"category": "external",
"summary": "RHBZ#2215229",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976"
}
],
"release_date": "2023-06-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-30T20:24:46+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat AMQ Streams 2.7.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3527"
},
{
"category": "workaround",
"details": "Temporary files should be created with sufficiently unpredictable names, inside a dedicated temporary directory whose permissions restrict access to the owning user.",
"product_ids": [
"Red Hat AMQ Streams 2.7.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.7.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "guava: insecure temporary directory creation"
},
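The Guava entry above describes the problem (a temporary directory under the shared system temp location, with a guessable name and default permissions) and the workaround (unpredictable names in a directory with restrictive permissions). The following Python is an added example written for this page, not Guava or Red Hat code: `insecure_temp_dir` reproduces the millisecond-timestamp-plus-counter naming pattern under `java.io.tmpdir`-style shared temp space, and `secure_temp_dir` applies the workaround with `tempfile.mkdtemp`, which draws the name from the OS random source and creates the directory with mode 0o700 regardless of umask. The permission check is POSIX-only; on other platforms the example reports `None` for it.

```python
import os
import stat
import tempfile
import time

_counter = 0

def insecure_temp_dir():
    """Pattern the advisory describes: a guessable name (millisecond timestamp
    plus a counter) directly under the shared system temp directory, created
    with whatever permissions the process umask leaves. With a typical umask
    of 022 other local users can list it and read or plant files inside."""
    global _counter
    path = os.path.join(tempfile.gettempdir(), f"{int(time.time() * 1000)}-{_counter}")
    _counter += 1
    os.mkdir(path)
    return path

def secure_temp_dir(prefix="app-"):
    """Workaround from the advisory: an unpredictable name from the OS random
    source and a directory created with mode 0o700 independent of umask."""
    return tempfile.mkdtemp(prefix=prefix)

def accessible_to_others(path):
    """True if any group or other permission bit is set (POSIX semantics)."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return bool(mode & (stat.S_IRWXG | stat.S_IRWXO))

def demo():
    results = {}
    guessable = insecure_temp_dir()
    # A name made only of digits and dashes is enumerable by another local user.
    results["guessable_name"] = os.path.basename(guessable).replace("-", "").isdigit()
    results["guessable_others"] = accessible_to_others(guessable)  # depends on umask
    os.rmdir(guessable)

    d1, d2 = secure_temp_dir(), secure_temp_dir()
    results["secure_names_differ"] = d1 != d2
    # Permission bits are only meaningful on POSIX; elsewhere report None.
    results["secure_private"] = (not accessible_to_others(d1)) if os.name == "posix" else None
    os.rmdir(d1)
    os.rmdir(d2)
    return results
```

The two properties the workaround asks for are independent: a random name alone still leaves a world-readable directory, and a 0o700 directory with a guessable name can be pre-created by another user (a race the advisory's "tampering" covers). `mkdtemp` gives both at once, which is why it is the usual drop-in fix.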
{
"cve": "CVE-2023-33201",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2023-06-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2215465"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Bouncy Castle for Java before 1.74. When an LDAP CertStore is used to validate X.509 certificates, the X.500 name of a certificate subject or issuer is inserted into the LDAP search filter without validation or escaping, so wildcards and other filter metacharacters in the name are interpreted by the directory server. This could allow a malicious user to obtain unauthorized information via blind LDAP injection, exploring the environment and enumerating data. The exploit depends on the structure of the target LDAP directory as well as what kind of errors are exposed to the user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bouncycastle: potential blind LDAP injection attack using a self-signed certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.7.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-33201"
},
{
"category": "external",
"summary": "RHBZ#2215465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215465"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-33201",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33201"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201"
},
{
"category": "external",
"summary": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201",
"url": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201"
}
],
"release_date": "2023-06-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-30T20:24:46+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat AMQ Streams 2.7.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3527"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.7.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bouncycastle: potential blind LDAP injection attack using a self-signed certificate"
},
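The entry above describes the subject name of a certificate being interpolated into an LDAP search filter without escaping, and a self-signed certificate lets an attacker choose that name freely. The following Python is an added example written for this page, not Bouncy Castle or Red Hat code. The filter shape `(&(objectClass=pkiUser)(cn=...))`, the in-memory directory and the small filter evaluator are constructed for illustration; `escape_filter_value` implements RFC 4515 value escaping. It shows a subject of `*` matching every entry, a subject of `alice)(mail=a*` turning the lookup into a yes/no oracle on another attribute (the blind injection the advisory names), and the escaped filter returning the same empty answer to both probes.

```python
import re

# RFC 4515 escaping for a value placed inside an LDAP search filter.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)

def cert_filter_unescaped(subject_cn):
    """Pattern of the flaw: the subject name from the certificate is
    interpolated verbatim. (Constructed filter shape, not the library's query.)"""
    return f"(&(objectClass=pkiUser)(cn={subject_cn}))"

def cert_filter_escaped(subject_cn):
    return f"(&(objectClass=pkiUser)(cn={escape_filter_value(subject_cn)}))"

# Minimal filter evaluator: AND, OR and equality with '*' wildcards, enough to
# show how a directory server would interpret the two filters.
def _parse(s, pos=0):
    if s[pos] != "(":
        raise ValueError(f"expected '(' at {pos}")
    pos += 1
    if s[pos] in "&|":
        op, pos, children = s[pos], pos + 1, []
        while s[pos] == "(":
            child, pos = _parse(s, pos)
            children.append(child)
        if s[pos] != ")":
            raise ValueError(f"expected ')' at {pos}")
        return (op, children), pos + 1
    end = s.index(")", pos)
    attr, _, raw = s[pos:end].partition("=")
    return ("=", attr.lower(), raw), end + 1

def _pattern(raw):
    # An unescaped '*' is a wildcard; '\xx' sequences are literal characters.
    unhex = lambda part: re.sub(r"\\([0-9a-fA-F]{2})",
                                lambda m: chr(int(m.group(1), 16)), part)
    return re.compile(".*".join(re.escape(unhex(p)) for p in raw.split("*")),
                      re.IGNORECASE)

def _matches(node, entry):
    if node[0] == "&":
        return all(_matches(c, entry) for c in node[1])
    if node[0] == "|":
        return any(_matches(c, entry) for c in node[1])
    _, attr, raw = node
    pat = _pattern(raw)
    return any(pat.fullmatch(v) for v in entry.get(attr, []))

def search(directory, filter_str):
    node, end = _parse(filter_str)
    if end != len(filter_str):
        raise ValueError("trailing data after filter")
    return [e["dn"] for e in directory if _matches(node, e)]

# Constructed directory contents (attribute names stored lower-case).
DIRECTORY = [
    {"dn": "cn=alice,ou=people", "cn": ["alice"], "objectclass": ["pkiUser"],
     "mail": ["alice@example.com"]},
    {"dn": "cn=bob,ou=people", "cn": ["bob"], "objectclass": ["pkiUser"],
     "mail": ["bob@example.com"]},
    {"dn": "cn=svc-ca,ou=services", "cn": ["svc-ca"], "objectclass": ["pkiUser"]},
]

def demo():
    # A self-signed certificate lets the attacker choose the subject CN freely.
    wildcard = "*"
    probe_true = "alice)(mail=a*"    # closes cn=..., adds a condition on mail
    probe_false = "alice)(mail=b*"
    return {
        "honest": search(DIRECTORY, cert_filter_unescaped("alice")),
        "wildcard_unescaped": search(DIRECTORY, cert_filter_unescaped(wildcard)),
        "wildcard_escaped": search(DIRECTORY, cert_filter_escaped(wildcard)),
        "probe_true_unescaped": search(DIRECTORY, cert_filter_unescaped(probe_true)),
        "probe_false_unescaped": search(DIRECTORY, cert_filter_unescaped(probe_false)),
        "probe_true_escaped": search(DIRECTORY, cert_filter_escaped(probe_true)),
        "probe_false_escaped": search(DIRECTORY, cert_filter_escaped(probe_false)),
    }
```

The oracle is the difference between the two unescaped probes: one returns alice, the other nothing, so an attacker who can observe whether validation found a certificate learns one character of `mail` per probe without ever reading the directory directly. With escaping, `\29\28` and `\2a` stay inside the `cn` value and both probes collapse to the same empty result.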
{
"cve": "CVE-2023-33202",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-11-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2251281"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the pkix module of Bouncy Castle for Java: a potential denial of service (DoS) in the org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file containing crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bc-java: Out of memory while parsing ASN.1 crafted data in org.bouncycastle.openssl.PEMParser class",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.7.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-33202"
},
{
"category": "external",
"summary": "RHBZ#2251281",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251281"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-33202",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33202"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-33202",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33202"
},
{
"category": "external",
"summary": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33202",
"url": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33202"
}
],
"release_date": "2023-11-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-30T20:24:46+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat AMQ Streams 2.7.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3527"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AMQ Streams 2.7.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.7.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bc-java: Out of memory while parsing ASN.1 crafted data in org.bouncycastle.openssl.PEMParser class"
},
{
"cve": "CVE-2023-43642",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2241722"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in SnappyInputStream in snappy-java, a data compression library in Java. This issue occurs when decompressing data with a too-large chunk size due to a missing upper bound check on chunk length. An unrecoverable fatal error can occur, resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "snappy-java: Missing upper bound check on chunk length in snappy-java can lead to Denial of Service (DoS) impact",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.7.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-43642"
},
{
"category": "external",
"summary": "RHBZ#2241722",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241722"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-43642",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-43642",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43642"
},
{
"category": "external",
"summary": "https://github.com/xerial/snappy-java/security/advisories/GHSA-55g7-9cwv-5qfv",
"url": "https://github.com/xerial/snappy-java/security/advisories/GHSA-55g7-9cwv-5qfv"
}
],
"release_date": "2023-09-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-30T20:24:46+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat AMQ Streams 2.7.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3527"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.7.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "snappy-java: Missing upper bound check on chunk length in snappy-java can lead to Denial of Service (DoS) impact"
},
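The snappy-java entry above (a missing upper bound on the chunk length) and the PEMParser entry before it (crafted ASN.1 lengths driving an OutOfMemoryError) are the same defect: a length field read from untrusted input is trusted before the buffer is allocated. The following Python is an added example written for this page, not snappy-java or Red Hat code. The stream layout (8-byte magic, version, compatible version, then 4-byte big-endian signed chunk lengths) follows the snappy-java framed format, but payloads are kept raw rather than snappy-compressed, the `MAX_CHUNK` bound is our own choice, and `SIMULATED_HEAP` stands in for the JVM heap so the example never really tries to allocate gigabytes.

```python
import struct

MAGIC = b"\x82SNAPPY\x00"          # 8-byte magic of the snappy-java framed format
HEADER_LEN = len(MAGIC) + 4 + 4    # magic, version, compatible version
MAX_CHUNK = 512 * 1024             # upper bound per chunk (our assumption)
SIMULATED_HEAP = 64 * 1024 * 1024  # stand-in for the JVM heap (constructed)

def _allocate(n):
    # Models 'new byte[n]': beyond the heap it fails as OutOfMemoryError would.
    if n > SIMULATED_HEAP:
        raise MemoryError(f"cannot allocate {n} bytes")
    return bytearray(n)

def _check_header(data):
    if len(data) < HEADER_LEN or data[:len(MAGIC)] != MAGIC:
        raise ValueError("not a snappy framed stream")
    return HEADER_LEN

def read_chunks_unchecked(data):
    """Pattern of the flaw: the declared length is trusted and a buffer of that
    size is allocated before any chunk byte has been read. A short stream is
    also accepted silently, returning whatever bytes happened to be present."""
    pos = _check_header(data)
    chunks = []
    while pos < len(data):
        (length,) = struct.unpack_from(">i", data, pos)
        pos += 4
        buf = _allocate(length)
        buf[:] = data[pos:pos + length]
        chunks.append(bytes(buf))
        pos += length
    return chunks

def read_chunks_checked(data, max_chunk=MAX_CHUNK):
    """Hardened reader: the length must be non-negative, within a fixed bound
    and no larger than what the stream can still supply, all before allocating."""
    pos = _check_header(data)
    chunks = []
    while pos < len(data):
        if len(data) - pos < 4:
            raise ValueError("truncated chunk header")
        (length,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if length < 0 or length > max_chunk:
            raise ValueError(f"chunk length {length} outside 0..{max_chunk}")
        if length > len(data) - pos:
            raise ValueError("chunk length exceeds remaining input")
        buf = _allocate(length)
        buf[:] = data[pos:pos + length]
        chunks.append(bytes(buf))
        pos += length
    return chunks

def frame(*payloads):
    """Build a constructed stream; payloads stay raw (a real stream holds
    snappy-compressed blocks, which does not change the length handling)."""
    out = bytearray(MAGIC + struct.pack(">ii", 1, 1))
    for p in payloads:
        out += struct.pack(">i", len(p)) + p
    return bytes(out)

# Constructed attack input: a valid header followed by a chunk claiming 2 GiB.
MALICIOUS = MAGIC + struct.pack(">ii", 1, 1) + struct.pack(">i", 0x7FFFFFFF)

def outcome(reader, data):
    """Classify a reader's behaviour on the given stream."""
    try:
        return reader(data)
    except MemoryError:
        return "memory-error"
    except ValueError:
        return "rejected"
```

Note the third check in the hardened reader: an upper bound alone still lets a chunk claim more bytes than the stream contains, which in the unchecked version yields a silently truncated result rather than an error.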
{
"cve": "CVE-2023-51074",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2023-12-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2256063"
}
],
"notes": [
{
"category": "description",
"text": "A stack exhaustion vulnerability was found in the Criteria.parse() method in json-path. Specially crafted input causes uncontrolled recursion, which exhausts the thread stack (a StackOverflowError). This vulnerability has the potential to trigger a crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "json-path: stack-based buffer overflow in Criteria.parse method",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this at a maximum of Moderate impact. When interacting with a server to probe this possible vulnerability, the attacker would be the only one to see an HTTP 500 error; in a real multi-threaded application scenario, no other user (nor the server as a whole) would be affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.7.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-51074"
},
{
"category": "external",
"summary": "RHBZ#2256063",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256063"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-51074",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51074"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-51074",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51074"
},
{
"category": "external",
"summary": "https://github.com/json-path/JsonPath/issues/973",
"url": "https://github.com/json-path/JsonPath/issues/973"
}
],
"release_date": "2023-12-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-30T20:24:46+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat AMQ Streams 2.7.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3527"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.7.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "json-path: stack-based buffer overflow in Criteria.parse method"
},
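The json-smart entry (CVE-2023-1370, recursion on `[` and `{` with no nesting limit) and the json-path Criteria.parse entry just above are the same failure mode: a recursive-descent parser whose recursion depth is controlled by the input. The following Python is an added example written for this page, not json-smart, json-path or Red Hat code. It is a minimal JSON value parser (arrays, objects, plain strings without escapes, numbers, literals) with a `max_depth` parameter, generalizing the fix to any recursive grammar: the depth check fires when an opening `[` or `{` is seen, before the recursive call. `outcome` classifies what happens on a given input, so the unbounded crash and the bounded rejection can be compared on the same deeply nested payload.

```python
class NestingTooDeep(ValueError):
    pass

def _skip_ws(text, pos):
    while pos < len(text) and text[pos] in " \t\r\n":
        pos += 1
    return pos

def parse_value(text, pos=0, depth=0, max_depth=None):
    """Recursive-descent parse of one JSON value; returns (value, next_pos).
    'depth' counts enclosing arrays/objects; max_depth=None reproduces the
    unbounded behaviour the advisories describe."""
    pos = _skip_ws(text, pos)
    if pos >= len(text):
        raise ValueError("unexpected end of input")
    ch = text[pos]
    if ch in "[{":
        if max_depth is not None and depth >= max_depth:
            raise NestingTooDeep(f"nesting deeper than {max_depth}")
        sub = _parse_array if ch == "[" else _parse_object
        return sub(text, pos + 1, depth + 1, max_depth)
    if ch == '"':                       # strings without escape handling
        end = text.index('"', pos + 1)
        return text[pos + 1:end], end + 1
    for lit, val in (("true", True), ("false", False), ("null", None)):
        if text.startswith(lit, pos):
            return val, pos + len(lit)
    end = pos
    while end < len(text) and text[end] in "+-0123456789.eE":
        end += 1
    if end == pos:
        raise ValueError(f"unexpected character {ch!r} at {pos}")
    num = text[pos:end]
    return (float(num) if any(c in num for c in ".eE") else int(num)), end

def _parse_array(text, pos, depth, max_depth):
    items = []
    pos = _skip_ws(text, pos)
    if text[pos] == "]":
        return items, pos + 1
    while True:
        value, pos = parse_value(text, pos, depth, max_depth)
        items.append(value)
        pos = _skip_ws(text, pos)
        if text[pos] == ",":
            pos += 1
        elif text[pos] == "]":
            return items, pos + 1
        else:
            raise ValueError(f"expected ',' or ']' at {pos}")

def _parse_object(text, pos, depth, max_depth):
    obj = {}
    pos = _skip_ws(text, pos)
    if text[pos] == "}":
        return obj, pos + 1
    while True:
        key, pos = parse_value(text, pos, depth, max_depth)
        if not isinstance(key, str):
            raise ValueError("object keys must be strings")
        pos = _skip_ws(text, pos)
        if text[pos] != ":":
            raise ValueError(f"expected ':' at {pos}")
        value, pos = parse_value(text, pos + 1, depth, max_depth)
        obj[key] = value
        pos = _skip_ws(text, pos)
        if text[pos] == ",":
            pos += 1
        elif text[pos] == "}":
            return obj, pos + 1
        else:
            raise ValueError(f"expected ',' or '}}' at {pos}")

def loads(text, max_depth=64):
    value, pos = parse_value(text, 0, 0, max_depth)
    if _skip_ws(text, pos) != len(text):
        raise ValueError("trailing data")
    return value

def outcome(text, max_depth):
    """'ok', 'rejected' (depth bound fired) or 'stack-exhausted' (the crash
    a parser without a bound runs into on the same input)."""
    try:
        loads(text, max_depth)
        return "ok"
    except NestingTooDeep:
        return "rejected"
    except RecursionError:
        return "stack-exhausted"

# Constructed payload: 20000 nested arrays, far beyond any interpreter stack.
DEEP = "[" * 20000 + "]" * 20000
```

In CPython the unbounded run surfaces as a `RecursionError` (the standard `json` module behaves the same way on this payload); on a JVM the equivalent is a `StackOverflowError` on the thread doing the parsing, which is the crash the two entries describe. The bound is cheap because it is checked once per nesting level, before the recursive call, rather than by catching the error afterwards.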
{
"cve": "CVE-2024-1023",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"discovery_date": "2024-01-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2260840"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to the use of Netty FastThreadLocal data structures. Specifically, the leak is triggered when the Vert.x HTTP client establishes connections to many different hosts. An attacker with intimate runtime knowledge can accelerate the leak. For instance, a server that connects to arbitrary internet addresses supplied by clients could serve as an attack vector, since connecting to many such addresses accelerates the memory leak.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures in Vertx",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.7.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1023"
},
{
"category": "external",
"summary": "RHBZ#2260840",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260840"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1023",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1023"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1023",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1023"
},
{
"category": "external",
"summary": "https://github.com/eclipse-vertx/vert.x/issues/5078",
"url": "https://github.com/eclipse-vertx/vert.x/issues/5078"
},
{
"category": "external",
"summary": "https://github.com/eclipse-vertx/vert.x/pull/5080",
"url": "https://github.com/eclipse-vertx/vert.x/pull/5080"
},
{
"category": "external",
"summary": "https://github.com/eclipse-vertx/vert.x/pull/5082",
"url": "https://github.com/eclipse-vertx/vert.x/pull/5082"
}
],
"release_date": "2024-01-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-30T20:24:46+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat AMQ Streams 2.7.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3527"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AMQ Streams 2.7.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.7.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures in Vertx"
},
{
"cve": "CVE-2024-1300",
"cwe": {
"id": "CWE-772",
"name": "Missing Release of Resource after Effective Lifetime"
},
"discovery_date": "2024-02-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2263139"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading to memory exhaustion. This flaw allows attackers to send TLS client hello messages with fake server names, triggering a JVM out-of-memory error.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "io.vertx:vertx-core: memory leak when a TCP server is configured with TLS and SNI support",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This affects only TLS servers with SNI enabled.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.7.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1300"
},
{
"category": "external",
"summary": "RHBZ#2263139",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263139"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1300",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1300"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1300",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1300"
},
{
"category": "external",
"summary": "https://vertx.io/docs/vertx-core/java/#_server_name_indication_sni",
"url": "https://vertx.io/docs/vertx-core/java/#_server_name_indication_sni"
}
],
"release_date": "2024-02-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-30T20:24:46+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat AMQ Streams 2.7.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3527"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AMQ Streams 2.7.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.7.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "io.vertx:vertx-core: memory leak when a TCP server is configured with TLS and SNI support"
},
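The SNI entry above describes the leak precisely: an unknown server name is answered with the default certificate, but the resulting SSL context is cached under that name, so every distinct fake name in a ClientHello adds a map entry. The following Python is an added example written for this page, not Vert.x or Red Hat code. It models the server-name-to-context selection with plain strings in place of SSL contexts and runs a constructed flood of ClientHellos with made-up names against the leaky pattern and the fixed one, reporting the size of the cache each leaves behind.

```python
class SniContextSelector:
    """Picks the TLS context for a ClientHello server name. 'mapped' holds the
    names the operator configured; any other name gets the default context."""

    def __init__(self, mapped, default):
        self.mapped = dict(mapped)
        self.default = default
        self.cache = {}          # server name -> context handed out last time

    def select_leaky(self, server_name):
        # Flawed pattern from the advisory: the default context is cached under
        # every unknown name, so the map grows once per distinct name seen.
        ctx = self.cache.get(server_name)
        if ctx is None:
            ctx = self.mapped.get(server_name, self.default)
            self.cache[server_name] = ctx
        return ctx

    def select_fixed(self, server_name):
        # Fixed pattern: only configured names are ever cached; an unknown name
        # gets the default context and leaves no trace in the map.
        ctx = self.cache.get(server_name)
        if ctx is not None:
            return ctx
        ctx = self.mapped.get(server_name)
        if ctx is None:
            return self.default
        self.cache[server_name] = ctx
        return ctx

# Constructed configuration: two real names, contexts stand in as strings.
MAPPED = {"api.example.com": "ctx-api", "www.example.com": "ctx-www"}

def attack_names(n):
    # Distinct fake server names, one per ClientHello an attacker would send.
    return (f"fake-{i}.attacker.invalid" for i in range(n))

def demo(n=10_000):
    leaky = SniContextSelector(MAPPED, "ctx-default")
    fixed = SniContextSelector(MAPPED, "ctx-default")
    hellos = list(MAPPED) + list(attack_names(n))
    for name in hellos:
        leaky.select_leaky(name)
        fixed.select_fixed(name)
    return {
        "leaky_cache": len(leaky.cache),
        "fixed_cache": len(fixed.cache),
        "unknown_gets_default": fixed.select_fixed("nope.invalid") == "ctx-default",
        "known_gets_mapped": fixed.select_fixed("api.example.com") == "ctx-api",
    }
```

A cache entry here is one string; in the real server it holds an SSL context and its key material, and the attacker controls how many names arrive per second, which is what turns a map lookup into the out-of-memory condition the entry describes. The cache in the fixed variant is bounded by the configuration, not by the client.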
{
"cve": "CVE-2024-2700",
"cwe": {
"id": "CWE-526",
"name": "Cleartext Storage of Sensitive Information in an Environment Variable"
},
"discovery_date": "2024-04-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2273281"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the quarkus-core component. Quarkus captures local environment variables from the Quarkus namespace during the application\u0027s build, therefore, running the resulting application inherits the values captured at build time. Some local environment variables may have been set by the developer or CI environment for testing purposes, such as dropping the database during application startup or trusting all TLS certificates to accept self-signed certificates. If these properties are configured using environment variables or the .env facility, they are captured into the built application, which can lead to dangerous behavior if the application does not override these values. This behavior only happens for configuration properties from the `quarkus.*` namespace. Application-specific properties are not captured.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "quarkus-core: Leak of local configuration properties into Quarkus applications",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this as a Moderate impact vulnerability since this requires an attacker to have direct access to the environment variables to override, and the application must use that environment variable to be jeopardized.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.7.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-2700"
},
{
"category": "external",
"summary": "RHBZ#2273281",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273281"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-2700",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2700"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-2700",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2700"
}
],
"release_date": "2024-04-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-30T20:24:46+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat AMQ Streams 2.7.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3527"
},
{
"category": "workaround",
"details": "Currently, no mitigation is available for this vulnerability. Please update as the patches become available.",
"product_ids": [
"Red Hat AMQ Streams 2.7.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.7.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "quarkus-core: Leak of local configuration properties into Quarkus applications"
},
{
"cve": "CVE-2024-25710",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2024-02-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2264988"
}
],
"notes": [
{
"category": "description",
"text": "A loop with an unreachable exit condition (Infinite Loop) vulnerability was found in Apache Common Compress. This issue can lead to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.7.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-25710"
},
{
"category": "external",
"summary": "RHBZ#2264988",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264988"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-25710",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25710"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2024/02/19/1",
"url": "http://www.openwall.com/lists/oss-security/2024/02/19/1"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51cbtq6kf",
"url": "https://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51cbtq6kf"
}
],
"release_date": "2024-02-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-30T20:24:46+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat AMQ Streams 2.7.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3527"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this vulnerability.",
"product_ids": [
"Red Hat AMQ Streams 2.7.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.7.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file"
},
{
"cve": "CVE-2024-29025",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2024-04-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2272907"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the io.netty:netty-codec-http package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling issues due to the accumulation of data in the HttpPostRequestDecoder. The decoder cumulates bytes in the undecodedChunk buffer until it can decode a field, allowing data to accumulate without limits. This flaw allows an attacker to cause a denial of service by sending a chunked post consisting of many small fields that will be accumulated in the bodyListHttpData list.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty-codec-http: Allocation of Resources Without Limits or Throttling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability in io.netty:netty-codec-http, allowing for Allocation of Resources Without Limits or Throttling issues, is assessed as moderate severity due to its potential impact on system availability and performance. By exploiting the flaw in HttpPostRequestDecoder, an attacker can craft chunked POST requests with numerous small fields, causing excessive accumulation of data in memory buffers. This unrestricted accumulation can lead to significant memory consumption on the server, potentially exhausting available resources and resulting in denial of service (DoS) conditions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.7.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-29025"
},
{
"category": "external",
"summary": "RHBZ#2272907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272907"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-29025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29025"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29025",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29025"
},
{
"category": "external",
"summary": "https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3",
"url": "https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c",
"url": "https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v",
"url": "https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-6483812",
"url": "https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-6483812"
}
],
"release_date": "2024-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-30T20:24:46+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat AMQ Streams 2.7.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3527"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AMQ Streams 2.7.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.7.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty-codec-http: Allocation of Resources Without Limits or Throttling"
}
]
}
SUSE-SU-2023:2843-1
Vulnerability from csaf_suse - Published: 2023-07-17 04:21 - Updated: 2023-07-17 04:21

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:bouncycastle-1.74-150200.3.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Enterprise Storage 7.1:bouncycastle-pg-1.74-150200.3.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Enterprise Storage 7.1:bouncycastle-pkix-1.74-150200.3.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Enterprise Storage 7.1:bouncycastle-util-1.74-150200.3.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Enterprise Storage 7:bouncycastle-1.74-150200.3.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Enterprise Storage 7:bouncycastle-pg-1.74-150200.3.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Enterprise Storage 7:bouncycastle-pkix-1.74-150200.3.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Enterprise Storage 7:bouncycastle-util-1.74-150200.3.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:bouncycastle-1.74-150200.3.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:bouncycastle-pg-1.74-150200.3.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:bouncycastle-pkix-1.74-150200.3.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:bouncycastle-util-1.74-150200.3.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:bouncycastle-1.74-150200.3.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:bouncycastle-pg-1.74-150200.3.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:bouncycastle-pkix-1.74-150200.3.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:bouncycastle-util-1.74-150200.3.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:bouncycastle-1.74-150200.3.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:bouncycastle-pg-1.74-150200.3.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:bouncycastle-pkix-1.74-150200.3.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:bouncycastle-util-1.74-150200.3.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:bouncycastle-1.74-150200.3.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:bouncycastle-pg-1.74-150200.3.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:bouncycastle-pkix-1.74-150200.3.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:bouncycastle-util-1.74-150200.3.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:bouncycastle-1.74-150200.3.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:bouncycastle-pg-1.74-150200.3.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:bouncycastle-pkix-1.74-150200.3.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:bouncycastle-util-1.74-150200.3.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Real Time 15 SP3:bouncycastle-1.74-150200.3.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Real Time 15 SP3:bouncycastle-pg-1.74-150200.3.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Real Time 15 SP3:bouncycastle-pkix-1.74-150200.3.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Real Time 15 SP3:bouncycastle-util-1.74-150200.3.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:bouncycastle-1.74-150200.3.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:bouncycastle-pg-1.74-150200.3.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:bouncycastle-pkix-1.74-150200.3.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:bouncycastle-util-1.74-150200.3.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:bouncycastle-1.74-150200.3.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:bouncycastle-pg-1.74-150200.3.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:bouncycastle-pkix-1.74-150200.3.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:bouncycastle-util-1.74-150200.3.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:bouncycastle-1.74-150200.3.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:bouncycastle-pg-1.74-150200.3.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:bouncycastle-pkix-1.74-150200.3.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:bouncycastle-util-1.74-150200.3.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:bouncycastle-1.74-150200.3.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:bouncycastle-pg-1.74-150200.3.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:bouncycastle-pkix-1.74-150200.3.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:bouncycastle-util-1.74-150200.3.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.4:bouncycastle-1.74-150200.3.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.4:bouncycastle-javadoc-1.74-150200.3.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.4:bouncycastle-mail-1.74-150200.3.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.4:bouncycastle-pg-1.74-150200.3.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.4:bouncycastle-pkix-1.74-150200.3.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.4:bouncycastle-tls-1.74-150200.3.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.4:bouncycastle-util-1.74-150200.3.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.5:bouncycastle-1.74-150200.3.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.5:bouncycastle-javadoc-1.74-150200.3.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.5:bouncycastle-jmail-1.74-150200.3.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.5:bouncycastle-mail-1.74-150200.3.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.5:bouncycastle-pg-1.74-150200.3.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.5:bouncycastle-pkix-1.74-150200.3.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.5:bouncycastle-tls-1.74-150200.3.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.5:bouncycastle-util-1.74-150200.3.21.1.noarch | — | | Vendor Fix |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for bouncycastle",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for bouncycastle fixes the following issues:\n\n- CVE-2023-33201: Fixed an issue with the X509LDAPCertStoreSpi where a specially crafted certificate subject could be used to try and extract extra information out of an LDAP server (bsc#1212508).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-2843,SUSE-SLE-Module-Development-Tools-15-SP4-2023-2843,SUSE-SLE-Module-Development-Tools-15-SP5-2023-2843,SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2843,SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2843,SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2843,SUSE-SLE-Product-RT-15-SP3-2023-2843,SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2843,SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2843,SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2843,SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2843,SUSE-Storage-7-2023-2843,SUSE-Storage-7.1-2023-2843,openSUSE-SLE-15.4-2023-2843,openSUSE-SLE-15.5-2023-2843",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_2843-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:2843-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20232843-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:2843-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-July/015507.html"
},
{
"category": "self",
"summary": "SUSE Bug 1212508",
"url": "https://bugzilla.suse.com/1212508"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-33201 page",
"url": "https://www.suse.com/security/cve/CVE-2023-33201/"
}
],
"title": "Security update for bouncycastle",
"tracking": {
"current_release_date": "2023-07-17T04:21:18Z",
"generator": {
"date": "2023-07-17T04:21:18Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:2843-1",
"initial_release_date": "2023-07-17T04:21:18Z",
"revision_history": [
{
"date": "2023-07-17T04:21:18Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "bouncycastle-1.74-150200.3.21.1.noarch",
"product": {
"name": "bouncycastle-1.74-150200.3.21.1.noarch",
"product_id": "bouncycastle-1.74-150200.3.21.1.noarch"
}
},
{
"category": "product_version",
"name": "bouncycastle-javadoc-1.74-150200.3.21.1.noarch",
"product": {
"name": "bouncycastle-javadoc-1.74-150200.3.21.1.noarch",
"product_id": "bouncycastle-javadoc-1.74-150200.3.21.1.noarch"
}
},
{
"category": "product_version",
"name": "bouncycastle-jmail-1.74-150200.3.21.1.noarch",
"product": {
"name": "bouncycastle-jmail-1.74-150200.3.21.1.noarch",
"product_id": "bouncycastle-jmail-1.74-150200.3.21.1.noarch"
}
},
{
"category": "product_version",
"name": "bouncycastle-mail-1.74-150200.3.21.1.noarch",
"product": {
"name": "bouncycastle-mail-1.74-150200.3.21.1.noarch",
"product_id": "bouncycastle-mail-1.74-150200.3.21.1.noarch"
}
},
{
"category": "product_version",
"name": "bouncycastle-pg-1.74-150200.3.21.1.noarch",
"product": {
"name": "bouncycastle-pg-1.74-150200.3.21.1.noarch",
"product_id": "bouncycastle-pg-1.74-150200.3.21.1.noarch"
}
},
{
"category": "product_version",
"name": "bouncycastle-pkix-1.74-150200.3.21.1.noarch",
"product": {
"name": "bouncycastle-pkix-1.74-150200.3.21.1.noarch",
"product_id": "bouncycastle-pkix-1.74-150200.3.21.1.noarch"
}
},
{
"category": "product_version",
"name": "bouncycastle-tls-1.74-150200.3.21.1.noarch",
"product": {
"name": "bouncycastle-tls-1.74-150200.3.21.1.noarch",
"product_id": "bouncycastle-tls-1.74-150200.3.21.1.noarch"
}
},
{
"category": "product_version",
"name": "bouncycastle-util-1.74-150200.3.21.1.noarch",
"product": {
"name": "bouncycastle-util-1.74-150200.3.21.1.noarch",
"product_id": "bouncycastle-util-1.74-150200.3.21.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Real Time 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Real Time 15 SP3",
"product_id": "SUSE Linux Enterprise Real Time 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_rt:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7",
"product": {
"name": "SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7.1",
"product": {
"name": "SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7.1"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.4"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-1.74-150200.3.21.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4:bouncycastle-1.74-150200.3.21.1.noarch"
},
"product_reference": "bouncycastle-1.74-150200.3.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-pg-1.74-150200.3.21.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4:bouncycastle-pg-1.74-150200.3.21.1.noarch"
},
"product_reference": "bouncycastle-pg-1.74-150200.3.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-pkix-1.74-150200.3.21.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4:bouncycastle-pkix-1.74-150200.3.21.1.noarch"
},
"product_reference": "bouncycastle-pkix-1.74-150200.3.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-util-1.74-150200.3.21.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4:bouncycastle-util-1.74-150200.3.21.1.noarch"
},
"product_reference": "bouncycastle-util-1.74-150200.3.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-1.74-150200.3.21.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5:bouncycastle-1.74-150200.3.21.1.noarch"
},
"product_reference": "bouncycastle-1.74-150200.3.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-pg-1.74-150200.3.21.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5:bouncycastle-pg-1.74-150200.3.21.1.noarch"
},
"product_reference": "bouncycastle-pg-1.74-150200.3.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-pkix-1.74-150200.3.21.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5:bouncycastle-pkix-1.74-150200.3.21.1.noarch"
},
"product_reference": "bouncycastle-pkix-1.74-150200.3.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-util-1.74-150200.3.21.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5:bouncycastle-util-1.74-150200.3.21.1.noarch"
},
"product_reference": "bouncycastle-util-1.74-150200.3.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-1.74-150200.3.21.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:bouncycastle-1.74-150200.3.21.1.noarch"
},
"product_reference": "bouncycastle-1.74-150200.3.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-pg-1.74-150200.3.21.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:bouncycastle-pg-1.74-150200.3.21.1.noarch"
},
"product_reference": "bouncycastle-pg-1.74-150200.3.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-pkix-1.74-150200.3.21.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:bouncycastle-pkix-1.74-150200.3.21.1.noarch"
},
"product_reference": "bouncycastle-pkix-1.74-150200.3.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-util-1.74-150200.3.21.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:bouncycastle-util-1.74-150200.3.21.1.noarch"
},
"product_reference": "bouncycastle-util-1.74-150200.3.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-1.74-150200.3.21.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:bouncycastle-1.74-150200.3.21.1.noarch"
},
"product_reference": "bouncycastle-1.74-150200.3.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-pg-1.74-150200.3.21.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:bouncycastle-pg-1.74-150200.3.21.1.noarch"
},
"product_reference": "bouncycastle-pg-1.74-150200.3.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-pkix-1.74-150200.3.21.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:bouncycastle-pkix-1.74-150200.3.21.1.noarch"
},
"product_reference": "bouncycastle-pkix-1.74-150200.3.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-util-1.74-150200.3.21.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:bouncycastle-util-1.74-150200.3.21.1.noarch"
},
"product_reference": "bouncycastle-util-1.74-150200.3.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-1.74-150200.3.21.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:bouncycastle-1.74-150200.3.21.1.noarch"
},
"product_reference": "bouncycastle-1.74-150200.3.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-pg-1.74-150200.3.21.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:bouncycastle-pg-1.74-150200.3.21.1.noarch"
},
"product_reference": "bouncycastle-pg-1.74-150200.3.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-pkix-1.74-150200.3.21.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:bouncycastle-pkix-1.74-150200.3.21.1.noarch"
},
"product_reference": "bouncycastle-pkix-1.74-150200.3.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-util-1.74-150200.3.21.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:bouncycastle-util-1.74-150200.3.21.1.noarch"
},
"product_reference": "bouncycastle-util-1.74-150200.3.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-1.74-150200.3.21.1.noarch as component of SUSE Linux Enterprise Real Time 15 SP3",
"product_id": "SUSE Linux Enterprise Real Time 15 SP3:bouncycastle-1.74-150200.3.21.1.noarch"
},
"product_reference": "bouncycastle-1.74-150200.3.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-pg-1.74-150200.3.21.1.noarch as component of SUSE Linux Enterprise Real Time 15 SP3",
"product_id": "SUSE Linux Enterprise Real Time 15 SP3:bouncycastle-pg-1.74-150200.3.21.1.noarch"
},
"product_reference": "bouncycastle-pg-1.74-150200.3.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-pkix-1.74-150200.3.21.1.noarch as component of SUSE Linux Enterprise Real Time 15 SP3",
"product_id": "SUSE Linux Enterprise Real Time 15 SP3:bouncycastle-pkix-1.74-150200.3.21.1.noarch"
},
"product_reference": "bouncycastle-pkix-1.74-150200.3.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-util-1.74-150200.3.21.1.noarch as component of SUSE Linux Enterprise Real Time 15 SP3",
"product_id": "SUSE Linux Enterprise Real Time 15 SP3:bouncycastle-util-1.74-150200.3.21.1.noarch"
},
"product_reference": "bouncycastle-util-1.74-150200.3.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-1.74-150200.3.21.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:bouncycastle-1.74-150200.3.21.1.noarch"
},
"product_reference": "bouncycastle-1.74-150200.3.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-pg-1.74-150200.3.21.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:bouncycastle-pg-1.74-150200.3.21.1.noarch"
},
"product_reference": "bouncycastle-pg-1.74-150200.3.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-pkix-1.74-150200.3.21.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:bouncycastle-pkix-1.74-150200.3.21.1.noarch"
},
"product_reference": "bouncycastle-pkix-1.74-150200.3.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-util-1.74-150200.3.21.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:bouncycastle-util-1.74-150200.3.21.1.noarch"
},
"product_reference": "bouncycastle-util-1.74-150200.3.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-1.74-150200.3.21.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:bouncycastle-1.74-150200.3.21.1.noarch"
},
"product_reference": "bouncycastle-1.74-150200.3.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-pg-1.74-150200.3.21.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:bouncycastle-pg-1.74-150200.3.21.1.noarch"
},
"product_reference": "bouncycastle-pg-1.74-150200.3.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-pkix-1.74-150200.3.21.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:bouncycastle-pkix-1.74-150200.3.21.1.noarch"
},
"product_reference": "bouncycastle-pkix-1.74-150200.3.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-util-1.74-150200.3.21.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:bouncycastle-util-1.74-150200.3.21.1.noarch"
},
"product_reference": "bouncycastle-util-1.74-150200.3.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-1.74-150200.3.21.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:bouncycastle-1.74-150200.3.21.1.noarch"
},
"product_reference": "bouncycastle-1.74-150200.3.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-pg-1.74-150200.3.21.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:bouncycastle-pg-1.74-150200.3.21.1.noarch"
},
"product_reference": "bouncycastle-pg-1.74-150200.3.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-pkix-1.74-150200.3.21.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:bouncycastle-pkix-1.74-150200.3.21.1.noarch"
},
"product_reference": "bouncycastle-pkix-1.74-150200.3.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-util-1.74-150200.3.21.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:bouncycastle-util-1.74-150200.3.21.1.noarch"
},
"product_reference": "bouncycastle-util-1.74-150200.3.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-1.74-150200.3.21.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:bouncycastle-1.74-150200.3.21.1.noarch"
},
"product_reference": "bouncycastle-1.74-150200.3.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-pg-1.74-150200.3.21.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:bouncycastle-pg-1.74-150200.3.21.1.noarch"
},
"product_reference": "bouncycastle-pg-1.74-150200.3.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-pkix-1.74-150200.3.21.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:bouncycastle-pkix-1.74-150200.3.21.1.noarch"
},
"product_reference": "bouncycastle-pkix-1.74-150200.3.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-util-1.74-150200.3.21.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:bouncycastle-util-1.74-150200.3.21.1.noarch"
},
"product_reference": "bouncycastle-util-1.74-150200.3.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-1.74-150200.3.21.1.noarch as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:bouncycastle-1.74-150200.3.21.1.noarch"
},
"product_reference": "bouncycastle-1.74-150200.3.21.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-pg-1.74-150200.3.21.1.noarch as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:bouncycastle-pg-1.74-150200.3.21.1.noarch"
},
"product_reference": "bouncycastle-pg-1.74-150200.3.21.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-pkix-1.74-150200.3.21.1.noarch as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:bouncycastle-pkix-1.74-150200.3.21.1.noarch"
},
"product_reference": "bouncycastle-pkix-1.74-150200.3.21.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-util-1.74-150200.3.21.1.noarch as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:bouncycastle-util-1.74-150200.3.21.1.noarch"
},
"product_reference": "bouncycastle-util-1.74-150200.3.21.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-1.74-150200.3.21.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:bouncycastle-1.74-150200.3.21.1.noarch"
},
"product_reference": "bouncycastle-1.74-150200.3.21.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-pg-1.74-150200.3.21.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:bouncycastle-pg-1.74-150200.3.21.1.noarch"
},
"product_reference": "bouncycastle-pg-1.74-150200.3.21.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-pkix-1.74-150200.3.21.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:bouncycastle-pkix-1.74-150200.3.21.1.noarch"
},
"product_reference": "bouncycastle-pkix-1.74-150200.3.21.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-util-1.74-150200.3.21.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:bouncycastle-util-1.74-150200.3.21.1.noarch"
},
"product_reference": "bouncycastle-util-1.74-150200.3.21.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-1.74-150200.3.21.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:bouncycastle-1.74-150200.3.21.1.noarch"
},
"product_reference": "bouncycastle-1.74-150200.3.21.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-javadoc-1.74-150200.3.21.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:bouncycastle-javadoc-1.74-150200.3.21.1.noarch"
},
"product_reference": "bouncycastle-javadoc-1.74-150200.3.21.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-mail-1.74-150200.3.21.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:bouncycastle-mail-1.74-150200.3.21.1.noarch"
},
"product_reference": "bouncycastle-mail-1.74-150200.3.21.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-pg-1.74-150200.3.21.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:bouncycastle-pg-1.74-150200.3.21.1.noarch"
},
"product_reference": "bouncycastle-pg-1.74-150200.3.21.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-pkix-1.74-150200.3.21.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:bouncycastle-pkix-1.74-150200.3.21.1.noarch"
},
"product_reference": "bouncycastle-pkix-1.74-150200.3.21.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-tls-1.74-150200.3.21.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:bouncycastle-tls-1.74-150200.3.21.1.noarch"
},
"product_reference": "bouncycastle-tls-1.74-150200.3.21.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-util-1.74-150200.3.21.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:bouncycastle-util-1.74-150200.3.21.1.noarch"
},
"product_reference": "bouncycastle-util-1.74-150200.3.21.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-1.74-150200.3.21.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:bouncycastle-1.74-150200.3.21.1.noarch"
},
"product_reference": "bouncycastle-1.74-150200.3.21.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-javadoc-1.74-150200.3.21.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:bouncycastle-javadoc-1.74-150200.3.21.1.noarch"
},
"product_reference": "bouncycastle-javadoc-1.74-150200.3.21.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-jmail-1.74-150200.3.21.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:bouncycastle-jmail-1.74-150200.3.21.1.noarch"
},
"product_reference": "bouncycastle-jmail-1.74-150200.3.21.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-mail-1.74-150200.3.21.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:bouncycastle-mail-1.74-150200.3.21.1.noarch"
},
"product_reference": "bouncycastle-mail-1.74-150200.3.21.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-pg-1.74-150200.3.21.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:bouncycastle-pg-1.74-150200.3.21.1.noarch"
},
"product_reference": "bouncycastle-pg-1.74-150200.3.21.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-pkix-1.74-150200.3.21.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:bouncycastle-pkix-1.74-150200.3.21.1.noarch"
},
"product_reference": "bouncycastle-pkix-1.74-150200.3.21.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-tls-1.74-150200.3.21.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:bouncycastle-tls-1.74-150200.3.21.1.noarch"
},
"product_reference": "bouncycastle-tls-1.74-150200.3.21.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-util-1.74-150200.3.21.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:bouncycastle-util-1.74-150200.3.21.1.noarch"
},
"product_reference": "bouncycastle-util-1.74-150200.3.21.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-33201",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-33201"
}
],
"notes": [
{
"category": "general",
"text": "Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate\u0027s Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:bouncycastle-1.74-150200.3.21.1.noarch",
"SUSE Enterprise Storage 7.1:bouncycastle-pg-1.74-150200.3.21.1.noarch",
"SUSE Enterprise Storage 7.1:bouncycastle-pkix-1.74-150200.3.21.1.noarch",
"SUSE Enterprise Storage 7.1:bouncycastle-util-1.74-150200.3.21.1.noarch",
"SUSE Enterprise Storage 7:bouncycastle-1.74-150200.3.21.1.noarch",
"SUSE Enterprise Storage 7:bouncycastle-pg-1.74-150200.3.21.1.noarch",
"SUSE Enterprise Storage 7:bouncycastle-pkix-1.74-150200.3.21.1.noarch",
"SUSE Enterprise Storage 7:bouncycastle-util-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:bouncycastle-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:bouncycastle-pg-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:bouncycastle-pkix-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:bouncycastle-util-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:bouncycastle-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:bouncycastle-pg-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:bouncycastle-pkix-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:bouncycastle-util-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:bouncycastle-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:bouncycastle-pg-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:bouncycastle-pkix-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:bouncycastle-util-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:bouncycastle-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:bouncycastle-pg-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:bouncycastle-pkix-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:bouncycastle-util-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:bouncycastle-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:bouncycastle-pg-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:bouncycastle-pkix-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:bouncycastle-util-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Real Time 15 SP3:bouncycastle-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Real Time 15 SP3:bouncycastle-pg-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Real Time 15 SP3:bouncycastle-pkix-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Real Time 15 SP3:bouncycastle-util-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:bouncycastle-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:bouncycastle-pg-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:bouncycastle-pkix-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:bouncycastle-util-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:bouncycastle-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:bouncycastle-pg-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:bouncycastle-pkix-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:bouncycastle-util-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:bouncycastle-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:bouncycastle-pg-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:bouncycastle-pkix-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:bouncycastle-util-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:bouncycastle-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:bouncycastle-pg-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:bouncycastle-pkix-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:bouncycastle-util-1.74-150200.3.21.1.noarch",
"openSUSE Leap 15.4:bouncycastle-1.74-150200.3.21.1.noarch",
"openSUSE Leap 15.4:bouncycastle-javadoc-1.74-150200.3.21.1.noarch",
"openSUSE Leap 15.4:bouncycastle-mail-1.74-150200.3.21.1.noarch",
"openSUSE Leap 15.4:bouncycastle-pg-1.74-150200.3.21.1.noarch",
"openSUSE Leap 15.4:bouncycastle-pkix-1.74-150200.3.21.1.noarch",
"openSUSE Leap 15.4:bouncycastle-tls-1.74-150200.3.21.1.noarch",
"openSUSE Leap 15.4:bouncycastle-util-1.74-150200.3.21.1.noarch",
"openSUSE Leap 15.5:bouncycastle-1.74-150200.3.21.1.noarch",
"openSUSE Leap 15.5:bouncycastle-javadoc-1.74-150200.3.21.1.noarch",
"openSUSE Leap 15.5:bouncycastle-jmail-1.74-150200.3.21.1.noarch",
"openSUSE Leap 15.5:bouncycastle-mail-1.74-150200.3.21.1.noarch",
"openSUSE Leap 15.5:bouncycastle-pg-1.74-150200.3.21.1.noarch",
"openSUSE Leap 15.5:bouncycastle-pkix-1.74-150200.3.21.1.noarch",
"openSUSE Leap 15.5:bouncycastle-tls-1.74-150200.3.21.1.noarch",
"openSUSE Leap 15.5:bouncycastle-util-1.74-150200.3.21.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-33201",
"url": "https://www.suse.com/security/cve/CVE-2023-33201"
},
{
"category": "external",
"summary": "SUSE Bug 1212508 for CVE-2023-33201",
"url": "https://bugzilla.suse.com/1212508"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:bouncycastle-1.74-150200.3.21.1.noarch",
"SUSE Enterprise Storage 7.1:bouncycastle-pg-1.74-150200.3.21.1.noarch",
"SUSE Enterprise Storage 7.1:bouncycastle-pkix-1.74-150200.3.21.1.noarch",
"SUSE Enterprise Storage 7.1:bouncycastle-util-1.74-150200.3.21.1.noarch",
"SUSE Enterprise Storage 7:bouncycastle-1.74-150200.3.21.1.noarch",
"SUSE Enterprise Storage 7:bouncycastle-pg-1.74-150200.3.21.1.noarch",
"SUSE Enterprise Storage 7:bouncycastle-pkix-1.74-150200.3.21.1.noarch",
"SUSE Enterprise Storage 7:bouncycastle-util-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:bouncycastle-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:bouncycastle-pg-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:bouncycastle-pkix-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:bouncycastle-util-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:bouncycastle-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:bouncycastle-pg-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:bouncycastle-pkix-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:bouncycastle-util-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:bouncycastle-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:bouncycastle-pg-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:bouncycastle-pkix-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:bouncycastle-util-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:bouncycastle-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:bouncycastle-pg-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:bouncycastle-pkix-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:bouncycastle-util-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:bouncycastle-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:bouncycastle-pg-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:bouncycastle-pkix-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:bouncycastle-util-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Real Time 15 SP3:bouncycastle-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Real Time 15 SP3:bouncycastle-pg-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Real Time 15 SP3:bouncycastle-pkix-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Real Time 15 SP3:bouncycastle-util-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:bouncycastle-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:bouncycastle-pg-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:bouncycastle-pkix-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:bouncycastle-util-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:bouncycastle-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:bouncycastle-pg-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:bouncycastle-pkix-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:bouncycastle-util-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:bouncycastle-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:bouncycastle-pg-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:bouncycastle-pkix-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:bouncycastle-util-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:bouncycastle-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:bouncycastle-pg-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:bouncycastle-pkix-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:bouncycastle-util-1.74-150200.3.21.1.noarch",
"openSUSE Leap 15.4:bouncycastle-1.74-150200.3.21.1.noarch",
"openSUSE Leap 15.4:bouncycastle-javadoc-1.74-150200.3.21.1.noarch",
"openSUSE Leap 15.4:bouncycastle-mail-1.74-150200.3.21.1.noarch",
"openSUSE Leap 15.4:bouncycastle-pg-1.74-150200.3.21.1.noarch",
"openSUSE Leap 15.4:bouncycastle-pkix-1.74-150200.3.21.1.noarch",
"openSUSE Leap 15.4:bouncycastle-tls-1.74-150200.3.21.1.noarch",
"openSUSE Leap 15.4:bouncycastle-util-1.74-150200.3.21.1.noarch",
"openSUSE Leap 15.5:bouncycastle-1.74-150200.3.21.1.noarch",
"openSUSE Leap 15.5:bouncycastle-javadoc-1.74-150200.3.21.1.noarch",
"openSUSE Leap 15.5:bouncycastle-jmail-1.74-150200.3.21.1.noarch",
"openSUSE Leap 15.5:bouncycastle-mail-1.74-150200.3.21.1.noarch",
"openSUSE Leap 15.5:bouncycastle-pg-1.74-150200.3.21.1.noarch",
"openSUSE Leap 15.5:bouncycastle-pkix-1.74-150200.3.21.1.noarch",
"openSUSE Leap 15.5:bouncycastle-tls-1.74-150200.3.21.1.noarch",
"openSUSE Leap 15.5:bouncycastle-util-1.74-150200.3.21.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:bouncycastle-1.74-150200.3.21.1.noarch",
"SUSE Enterprise Storage 7.1:bouncycastle-pg-1.74-150200.3.21.1.noarch",
"SUSE Enterprise Storage 7.1:bouncycastle-pkix-1.74-150200.3.21.1.noarch",
"SUSE Enterprise Storage 7.1:bouncycastle-util-1.74-150200.3.21.1.noarch",
"SUSE Enterprise Storage 7:bouncycastle-1.74-150200.3.21.1.noarch",
"SUSE Enterprise Storage 7:bouncycastle-pg-1.74-150200.3.21.1.noarch",
"SUSE Enterprise Storage 7:bouncycastle-pkix-1.74-150200.3.21.1.noarch",
"SUSE Enterprise Storage 7:bouncycastle-util-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:bouncycastle-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:bouncycastle-pg-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:bouncycastle-pkix-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:bouncycastle-util-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:bouncycastle-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:bouncycastle-pg-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:bouncycastle-pkix-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:bouncycastle-util-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:bouncycastle-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:bouncycastle-pg-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:bouncycastle-pkix-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:bouncycastle-util-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:bouncycastle-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:bouncycastle-pg-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:bouncycastle-pkix-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:bouncycastle-util-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:bouncycastle-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:bouncycastle-pg-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:bouncycastle-pkix-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:bouncycastle-util-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Real Time 15 SP3:bouncycastle-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Real Time 15 SP3:bouncycastle-pg-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Real Time 15 SP3:bouncycastle-pkix-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Real Time 15 SP3:bouncycastle-util-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:bouncycastle-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:bouncycastle-pg-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:bouncycastle-pkix-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:bouncycastle-util-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:bouncycastle-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:bouncycastle-pg-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:bouncycastle-pkix-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:bouncycastle-util-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:bouncycastle-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:bouncycastle-pg-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:bouncycastle-pkix-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:bouncycastle-util-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:bouncycastle-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:bouncycastle-pg-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:bouncycastle-pkix-1.74-150200.3.21.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:bouncycastle-util-1.74-150200.3.21.1.noarch",
"openSUSE Leap 15.4:bouncycastle-1.74-150200.3.21.1.noarch",
"openSUSE Leap 15.4:bouncycastle-javadoc-1.74-150200.3.21.1.noarch",
"openSUSE Leap 15.4:bouncycastle-mail-1.74-150200.3.21.1.noarch",
"openSUSE Leap 15.4:bouncycastle-pg-1.74-150200.3.21.1.noarch",
"openSUSE Leap 15.4:bouncycastle-pkix-1.74-150200.3.21.1.noarch",
"openSUSE Leap 15.4:bouncycastle-tls-1.74-150200.3.21.1.noarch",
"openSUSE Leap 15.4:bouncycastle-util-1.74-150200.3.21.1.noarch",
"openSUSE Leap 15.5:bouncycastle-1.74-150200.3.21.1.noarch",
"openSUSE Leap 15.5:bouncycastle-javadoc-1.74-150200.3.21.1.noarch",
"openSUSE Leap 15.5:bouncycastle-jmail-1.74-150200.3.21.1.noarch",
"openSUSE Leap 15.5:bouncycastle-mail-1.74-150200.3.21.1.noarch",
"openSUSE Leap 15.5:bouncycastle-pg-1.74-150200.3.21.1.noarch",
"openSUSE Leap 15.5:bouncycastle-pkix-1.74-150200.3.21.1.noarch",
"openSUSE Leap 15.5:bouncycastle-tls-1.74-150200.3.21.1.noarch",
"openSUSE Leap 15.5:bouncycastle-util-1.74-150200.3.21.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-07-17T04:21:18Z",
"details": "important"
}
],
"title": "CVE-2023-33201"
}
]
}
WID-SEC-W-2023-1490
Vulnerability from csaf_certbund - Published: 2023-06-18 22:00 - Updated: 2025-10-05 22:00

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Debian Linux (Debian) | cpe:/o:debian:debian_linux:- | — | |
| SUSE Linux (SUSE) | cpe:/o:suse:suse_linux:- | — | |
| SAS Institute Base SAS <9.4M9 (TS1M9) (SAS Institute / Base SAS) | | <9.4M9 (TS1M9) | |
| Red Hat Enterprise Linux (Red Hat) | cpe:/o:redhat:enterprise_linux:- | — | |
| Open Source Bouncy Castle <1.74 (Open Source / Bouncy Castle) | | <1.74 | |
| IBM InfoSphere Information Server 11.7 (IBM / InfoSphere Information Server) | cpe:/a:ibm:infosphere_information_server:11.7 | 11.7 | |
| IBM InfoSphere Guardium (IBM) | cpe:/a:ibm:infosphere_guardium:- | — | |
| RealObjects PDFreactor <11.6.6 (RealObjects / PDFreactor) | | <11.6.6 | |
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Bouncy Castle ist eine Kryptographie-API f\u00fcr Java.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Bouncy Castle ausnutzen, um Informationen offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- MacOS X\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-1490 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1490.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-1490 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1490"
},
{
"category": "external",
"summary": "Github Security Advisory vom 2023-06-18",
"url": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:3954 vom 2023-06-29",
"url": "https://access.redhat.com/errata/RHSA-2023:3954"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:2843-1 vom 2023-07-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-July/015507.html"
},
{
"category": "external",
"summary": "PDFreactor 11 Hotfix Release 11.6.6",
"url": "https://www.pdfreactor.com/pdfreactor-11-hotfix-release-11-6-6-now-available/"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3514 vom 2023-08-02",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00000.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5147 vom 2023-09-13",
"url": "https://access.redhat.com/errata/RHSA-2023:5147"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5165 vom 2023-09-14",
"url": "https://access.redhat.com/errata/RHSA-2023:5165"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5484 vom 2023-10-05",
"url": "https://access.redhat.com/errata/RHSA-2023:5484"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5488 vom 2023-10-05",
"url": "https://access.redhat.com/errata/RHSA-2023:5488"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5486 vom 2023-10-06",
"url": "https://access.redhat.com/errata/RHSA-2023:5486"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5485 vom 2023-10-06",
"url": "https://access.redhat.com/errata/RHSA-2023:5485"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7068195 vom 2023-11-07",
"url": "https://www.ibm.com/support/pages/node/7068195"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7483 vom 2023-11-25",
"url": "https://access.redhat.com/errata/RHSA-2023:7483"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7484 vom 2023-11-25",
"url": "https://access.redhat.com/errata/RHSA-2023:7484"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7482 vom 2023-11-25",
"url": "https://access.redhat.com/errata/RHSA-2023:7482"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7488 vom 2023-11-25",
"url": "https://access.redhat.com/errata/RHSA-2023:7488"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7486 vom 2023-11-25",
"url": "https://access.redhat.com/errata/RHSA-2023:7486"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0278 vom 2024-01-17",
"url": "https://access.redhat.com/errata/RHSA-2024:0278"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1353 vom 2024-03-18",
"url": "https://access.redhat.com/errata/RHSA-2024:1353"
},
{
"category": "external",
"summary": "IBM Security Bulletin",
"url": "https://www.ibm.com/support/pages/node/7117232"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3527 vom 2024-05-30",
"url": "https://access.redhat.com/errata/RHSA-2024:3527"
},
{
"category": "external",
"summary": "SAS Security Update vom 2025-10-02",
"url": "https://support.sas.com/en/security-bulletins/sas-security-update-for-sas-94m9-ts1m9.html"
}
],
"source_lang": "en-US",
"title": "Bouncy Castle: Schwachstelle erm\u00f6glicht Offenlegung von Informationen",
"tracking": {
"current_release_date": "2025-10-05T22:00:00.000+00:00",
"generator": {
"date": "2025-10-06T09:13:15.920+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2023-1490",
"initial_release_date": "2023-06-18T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-06-18T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-06-29T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-07-16T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-07-26T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2023-08-02T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2023-09-13T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-09-14T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-10-05T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-11-07T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-11-26T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-01-17T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-03-17T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-03-19T23:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-05-30T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-10-05T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates aufgenommen"
}
],
"status": "final",
"version": "15"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "IBM InfoSphere Guardium",
"product": {
"name": "IBM InfoSphere Guardium",
"product_id": "T002366",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:infosphere_guardium:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "11.7",
"product": {
"name": "IBM InfoSphere Information Server 11.7",
"product_id": "444803",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:infosphere_information_server:11.7"
}
}
}
],
"category": "product_name",
"name": "InfoSphere Information Server"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.74",
"product": {
"name": "Open Source Bouncy Castle \u003c1.74",
"product_id": "T028184"
}
},
{
"category": "product_version",
"name": "1.74",
"product": {
"name": "Open Source Bouncy Castle 1.74",
"product_id": "T028184-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.74"
}
}
}
],
"category": "product_name",
"name": "Bouncy Castle"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c11.6.6",
"product": {
"name": "RealObjects PDFreactor \u003c11.6.6",
"product_id": "T028930"
}
},
{
"category": "product_version",
"name": "11.6.6",
"product": {
"name": "RealObjects PDFreactor 11.6.6",
"product_id": "T028930-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:realobjects:pdfreactor:11.6.6"
}
}
}
],
"category": "product_name",
"name": "PDFreactor"
}
],
"category": "vendor",
"name": "RealObjects"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9.4M9 (TS1M9)",
"product": {
"name": "SAS Institute Base SAS \u003c9.4M9 (TS1M9)",
"product_id": "T047382"
}
},
{
"category": "product_version",
"name": "9.4M9 (TS1M9)",
"product": {
"name": "SAS Institute Base SAS 9.4M9 (TS1M9)",
"product_id": "T047382-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:sas:base_sas:9.4m9_%28ts1m9%29"
}
}
}
],
"category": "product_name",
"name": "Base SAS"
}
],
"category": "vendor",
"name": "SAS Institute"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-33201",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T047382",
"67646",
"T028184",
"444803",
"T002366",
"T028930"
]
},
"release_date": "2023-06-18T22:00:00.000+00:00",
"title": "CVE-2023-33201"
}
]
}
WID-SEC-W-2023-2625
Vulnerability from csaf_certbund - Published: 2023-10-10 22:00 - Updated: 2025-08-06 22:00

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| IBM QRadar SIEM 7.5 (IBM / QRadar SIEM) | cpe:/a:ibm:qradar_siem:7.5 | 7.5 | |
| IBM QRadar SIEM <7.5.0 UP7 (IBM / QRadar SIEM) | | <7.5.0 UP7 | |
| IBM QRadar SIEM <7.5.0 UP13 (IBM / QRadar SIEM) | | <7.5.0 UP13 | |
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM QRadar Security Information and Event Management (SIEM) bietet Unterst\u00fctzung bei der Erkennung und Priorisierung von Sicherheitsbedrohungen im Unternehmen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in IBM QRadar SIEM ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2625 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2625.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2625 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2625"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7049133 vom 2023-10-10",
"url": "https://www.ibm.com/support/pages/node/7049133"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7165686 vom 2024-08-16",
"url": "https://www.ibm.com/support/pages/node/7165686"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7241589 vom 2025-08-06",
"url": "https://www.ibm.com/support/pages/node/7241589"
}
],
"source_lang": "en-US",
"title": "IBM QRadar SIEM: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-08-06T22:00:00.000+00:00",
"generator": {
"date": "2025-08-07T08:49:26.099+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2023-2625",
"initial_release_date": "2023-10-10T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-10-10T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-08-15T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-08-06T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "7.5",
"product": {
"name": "IBM QRadar SIEM 7.5",
"product_id": "T022954",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.5.0 UP7",
"product": {
"name": "IBM QRadar SIEM \u003c7.5.0 UP7",
"product_id": "T030425"
}
},
{
"category": "product_version",
"name": "7.5.0 UP7",
"product": {
"name": "IBM QRadar SIEM 7.5.0 UP7",
"product_id": "T030425-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5.0_up7"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.5.0 UP13",
"product": {
"name": "IBM QRadar SIEM \u003c7.5.0 UP13",
"product_id": "T045828"
}
},
{
"category": "product_version",
"name": "7.5.0 UP13",
"product": {
"name": "IBM QRadar SIEM 7.5.0 UP13",
"product_id": "T045828-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5.0_up13"
}
}
}
],
"category": "product_name",
"name": "QRadar SIEM"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-1000027",
"product_status": {
"known_affected": [
"T022954",
"T030425",
"T045828"
]
},
"release_date": "2023-10-10T22:00:00.000+00:00",
"title": "CVE-2016-1000027"
},
{
"cve": "CVE-2020-13956",
"product_status": {
"known_affected": [
"T022954",
"T030425",
"T045828"
]
},
"release_date": "2023-10-10T22:00:00.000+00:00",
"title": "CVE-2020-13956"
},
{
"cve": "CVE-2022-21426",
"product_status": {
"known_affected": [
"T022954",
"T030425",
"T045828"
]
},
"release_date": "2023-10-10T22:00:00.000+00:00",
"title": "CVE-2022-21426"
},
{
"cve": "CVE-2022-25147",
"product_status": {
"known_affected": [
"T022954",
"T030425",
"T045828"
]
},
"release_date": "2023-10-10T22:00:00.000+00:00",
"title": "CVE-2022-25147"
},
{
"cve": "CVE-2022-3564",
"product_status": {
"known_affected": [
"T022954",
"T030425",
"T045828"
]
},
"release_date": "2023-10-10T22:00:00.000+00:00",
"title": "CVE-2022-3564"
},
{
"cve": "CVE-2022-40609",
"product_status": {
"known_affected": [
"T022954",
"T030425",
"T045828"
]
},
"release_date": "2023-10-10T22:00:00.000+00:00",
"title": "CVE-2022-40609"
},
{
"cve": "CVE-2022-48339",
"product_status": {
"known_affected": [
"T022954",
"T030425",
"T045828"
]
},
"release_date": "2023-10-10T22:00:00.000+00:00",
"title": "CVE-2022-48339"
},
{
"cve": "CVE-2023-20867",
"product_status": {
"known_affected": [
"T022954",
"T030425",
"T045828"
]
},
"release_date": "2023-10-10T22:00:00.000+00:00",
"title": "CVE-2023-20867"
},
{
"cve": "CVE-2023-21830",
"product_status": {
"known_affected": [
"T022954",
"T030425",
"T045828"
]
},
"release_date": "2023-10-10T22:00:00.000+00:00",
"title": "CVE-2023-21830"
},
{
"cve": "CVE-2023-21843",
"product_status": {
"known_affected": [
"T022954",
"T030425",
"T045828"
]
},
"release_date": "2023-10-10T22:00:00.000+00:00",
"title": "CVE-2023-21843"
},
{
"cve": "CVE-2023-21930",
"product_status": {
"known_affected": [
"T022954",
"T030425",
"T045828"
]
},
"release_date": "2023-10-10T22:00:00.000+00:00",
"title": "CVE-2023-21930"
},
{
"cve": "CVE-2023-21937",
"product_status": {
"known_affected": [
"T022954",
"T030425",
"T045828"
]
},
"release_date": "2023-10-10T22:00:00.000+00:00",
"title": "CVE-2023-21937"
},
{
"cve": "CVE-2023-21938",
"product_status": {
"known_affected": [
"T022954",
"T030425",
"T045828"
]
},
"release_date": "2023-10-10T22:00:00.000+00:00",
"title": "CVE-2023-21938"
},
{
"cve": "CVE-2023-21939",
"product_status": {
"known_affected": [
"T022954",
"T030425",
"T045828"
]
},
"release_date": "2023-10-10T22:00:00.000+00:00",
"title": "CVE-2023-21939"
},
{
"cve": "CVE-2023-21954",
"product_status": {
"known_affected": [
"T022954",
"T030425",
"T045828"
]
},
"release_date": "2023-10-10T22:00:00.000+00:00",
"title": "CVE-2023-21954"
},
{
"cve": "CVE-2023-21967",
"product_status": {
"known_affected": [
"T022954",
"T030425",
"T045828"
]
},
"release_date": "2023-10-10T22:00:00.000+00:00",
"title": "CVE-2023-21967"
},
{
"cve": "CVE-2023-21968",
"product_status": {
"known_affected": [
"T022954",
"T030425",
"T045828"
]
},
"release_date": "2023-10-10T22:00:00.000+00:00",
"title": "CVE-2023-21968"
},
{
"cve": "CVE-2023-24998",
"product_status": {
"known_affected": [
"T022954",
"T030425",
"T045828"
]
},
"release_date": "2023-10-10T22:00:00.000+00:00",
"title": "CVE-2023-24998"
},
{
"cve": "CVE-2023-25652",
"product_status": {
"known_affected": [
"T022954",
"T030425",
"T045828"
]
},
"release_date": "2023-10-10T22:00:00.000+00:00",
"title": "CVE-2023-25652"
},
{
"cve": "CVE-2023-2597",
"product_status": {
"known_affected": [
"T022954",
"T030425",
"T045828"
]
},
"release_date": "2023-10-10T22:00:00.000+00:00",
"title": "CVE-2023-2597"
},
{
"cve": "CVE-2023-26048",
"product_status": {
"known_affected": [
"T022954",
"T030425",
"T045828"
]
},
"release_date": "2023-10-10T22:00:00.000+00:00",
"title": "CVE-2023-26048"
},
{
"cve": "CVE-2023-26049",
"product_status": {
"known_affected": [
"T022954",
"T030425",
"T045828"
]
},
"release_date": "2023-10-10T22:00:00.000+00:00",
"title": "CVE-2023-26049"
},
{
"cve": "CVE-2023-2828",
"product_status": {
"known_affected": [
"T022954",
"T030425",
"T045828"
]
},
"release_date": "2023-10-10T22:00:00.000+00:00",
"title": "CVE-2023-2828"
},
{
"cve": "CVE-2023-28709",
"product_status": {
"known_affected": [
"T022954",
"T030425",
"T045828"
]
},
"release_date": "2023-10-10T22:00:00.000+00:00",
"title": "CVE-2023-28709"
},
{
"cve": "CVE-2023-29007",
"product_status": {
"known_affected": [
"T022954",
"T030425",
"T045828"
]
},
"release_date": "2023-10-10T22:00:00.000+00:00",
"title": "CVE-2023-29007"
},
{
"cve": "CVE-2023-2976",
"product_status": {
"known_affected": [
"T022954",
"T030425",
"T045828"
]
},
"release_date": "2023-10-10T22:00:00.000+00:00",
"title": "CVE-2023-2976"
},
{
"cve": "CVE-2023-30441",
"product_status": {
"known_affected": [
"T022954",
"T030425",
"T045828"
]
},
"release_date": "2023-10-10T22:00:00.000+00:00",
"title": "CVE-2023-30441"
},
{
"cve": "CVE-2023-30994",
"product_status": {
"known_affected": [
"T022954",
"T030425",
"T045828"
]
},
"release_date": "2023-10-10T22:00:00.000+00:00",
"title": "CVE-2023-30994"
},
{
"cve": "CVE-2023-32067",
"product_status": {
"known_affected": [
"T022954",
"T030425",
"T045828"
]
},
"release_date": "2023-10-10T22:00:00.000+00:00",
"title": "CVE-2023-32067"
},
{
"cve": "CVE-2023-32697",
"product_status": {
"known_affected": [
"T022954",
"T030425",
"T045828"
]
},
"release_date": "2023-10-10T22:00:00.000+00:00",
"title": "CVE-2023-32697"
},
{
"cve": "CVE-2023-33201",
"product_status": {
"known_affected": [
"T022954",
"T030425",
"T045828"
]
},
"release_date": "2023-10-10T22:00:00.000+00:00",
"title": "CVE-2023-33201"
},
{
"cve": "CVE-2023-34149",
"product_status": {
"known_affected": [
"T022954",
"T030425",
"T045828"
]
},
"release_date": "2023-10-10T22:00:00.000+00:00",
"title": "CVE-2023-34149"
},
{
"cve": "CVE-2023-34396",
"product_status": {
"known_affected": [
"T022954",
"T030425",
"T045828"
]
},
"release_date": "2023-10-10T22:00:00.000+00:00",
"title": "CVE-2023-34396"
},
{
"cve": "CVE-2023-34453",
"product_status": {
"known_affected": [
"T022954",
"T030425",
"T045828"
]
},
"release_date": "2023-10-10T22:00:00.000+00:00",
"title": "CVE-2023-34453"
},
{
"cve": "CVE-2023-34454",
"product_status": {
"known_affected": [
"T022954",
"T030425",
"T045828"
]
},
"release_date": "2023-10-10T22:00:00.000+00:00",
"title": "CVE-2023-34454"
},
{
"cve": "CVE-2023-34455",
"product_status": {
"known_affected": [
"T022954",
"T030425",
"T045828"
]
},
"release_date": "2023-10-10T22:00:00.000+00:00",
"title": "CVE-2023-34455"
},
{
"cve": "CVE-2023-34981",
"product_status": {
"known_affected": [
"T022954",
"T030425",
"T045828"
]
},
"release_date": "2023-10-10T22:00:00.000+00:00",
"title": "CVE-2023-34981"
},
{
"cve": "CVE-2023-35116",
"product_status": {
"known_affected": [
"T022954",
"T030425",
"T045828"
]
},
"release_date": "2023-10-10T22:00:00.000+00:00",
"title": "CVE-2023-35116"
},
{
"cve": "CVE-2023-38408",
"product_status": {
"known_affected": [
"T022954",
"T030425",
"T045828"
]
},
"release_date": "2023-10-10T22:00:00.000+00:00",
"title": "CVE-2023-38408"
},
{
"cve": "CVE-2023-40367",
"product_status": {
"known_affected": [
"T022954",
"T030425",
"T045828"
]
},
"release_date": "2023-10-10T22:00:00.000+00:00",
"title": "CVE-2023-40367"
}
]
}
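The CSAF record above names products only by `product_id` (T022954, T030425, T045828) inside `vulnerabilities[].product_status.known_affected`; the names, CPEs and version ranges live in `product_tree`, and the fix levels appear there as sibling entries whose ids carry a `-fixed` suffix (T030425 / T030425-fixed) rather than as a `fixed` status. The following Python is an added example, not part of the BSI advisory or of any CERT-Bund tooling: it indexes the tree, resolves each CVE's affected ids to product names, reads the `-fixed` pairing off the ids, and tests an installed QRadar build against the `<X` ranges. `SAMPLE_CSAF` is a constructed, trimmed copy of the document's shape reduced to two CVEs; the `x.y.z UPn` version parsing and the `<X` range spelling are assumptions taken from the names on this page.

```python
"""Resolve CSAF 2.0 product_status references in a BSI-WID advisory.

Added example; not part of the advisory above. SAMPLE_CSAF is a constructed,
trimmed copy of the WID-SEC-W-2023-2625 shape (product_tree branches,
'-fixed' product ids, vulnerabilities[].product_status), cut down to two CVEs.
"""
import json
import re

SAMPLE_CSAF = json.loads(r'''
{"document": {"tracking": {"id": "WID-SEC-W-2023-2625"}},
 "product_tree": {"branches": [
   {"category": "vendor", "name": "IBM", "branches": [
     {"category": "product_name", "name": "QRadar SIEM", "branches": [
       {"category": "product_version", "name": "7.5",
        "product": {"name": "IBM QRadar SIEM 7.5", "product_id": "T022954",
                    "product_identification_helper": {"cpe": "cpe:/a:ibm:qradar_siem:7.5"}}},
       {"category": "product_version_range", "name": "<7.5.0 UP7",
        "product": {"name": "IBM QRadar SIEM <7.5.0 UP7", "product_id": "T030425"}},
       {"category": "product_version", "name": "7.5.0 UP7",
        "product": {"name": "IBM QRadar SIEM 7.5.0 UP7", "product_id": "T030425-fixed",
                    "product_identification_helper": {"cpe": "cpe:/a:ibm:qradar_siem:7.5.0_up7"}}},
       {"category": "product_version_range", "name": "<7.5.0 UP13",
        "product": {"name": "IBM QRadar SIEM <7.5.0 UP13", "product_id": "T045828"}},
       {"category": "product_version", "name": "7.5.0 UP13",
        "product": {"name": "IBM QRadar SIEM 7.5.0 UP13", "product_id": "T045828-fixed",
                    "product_identification_helper": {"cpe": "cpe:/a:ibm:qradar_siem:7.5.0_up13"}}}
     ]}]}]},
 "vulnerabilities": [
   {"cve": "CVE-2023-33201", "product_status": {"known_affected": ["T022954", "T030425", "T045828"]}},
   {"cve": "CVE-2023-38408", "product_status": {"known_affected": ["T022954", "T030425", "T045828"]}}]}
''')

STATUS_KEYS = ("known_affected", "known_not_affected", "fixed", "first_fixed",
               "under_investigation")


def index_products(doc):
    """Walk product_tree.branches recursively (CSAF allows any depth) and map
    product_id -> {name, version (branch name), cpe, category, path}."""
    index = {}

    def walk(branches, path):
        for branch in branches:
            product = branch.get("product")
            if product:
                helper = product.get("product_identification_helper", {})
                index[product["product_id"]] = {
                    "name": product["name"], "version": branch.get("name", ""),
                    "cpe": helper.get("cpe"), "category": branch.get("category"),
                    "path": "/".join(path)}
            walk(branch.get("branches", []), path + [branch.get("name", "")])

    walk(doc.get("product_tree", {}).get("branches", []), [])
    return index


def product_status_by_cve(doc):
    """{cve: {status: [product names]}}. An id missing from the tree is kept
    verbatim so a dangling reference shows up instead of vanishing."""
    products = index_products(doc)
    out = {}
    for vuln in doc.get("vulnerabilities", []):
        status = vuln.get("product_status", {})
        out[vuln["cve"]] = {key: [products.get(pid, {"name": pid})["name"]
                                  for pid in status[key]]
                            for key in STATUS_KEYS if key in status}
    return out


def inferred_fix_levels(doc):
    """The advisory carries no 'fixed' status; the fix level of each range is
    the sibling product whose id is '<range id>-fixed' (T030425-fixed above)."""
    products = index_products(doc)
    return {pid: products[pid + "-fixed"]["name"]
            for pid in products if pid + "-fixed" in products}


def qradar_version_key(version):
    """'7.5.0 UP13' -> (7, 5, 0, 13). Assumes IBM's 'x.y.z UPn' scheme as
    used in the product names above; a bare 'x.y' sorts as x.y.0 UP0."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(?:\s*UP(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised QRadar version: {version!r}")
    return tuple(int(g or 0) for g in m.groups())


def affected_ranges(doc, installed):
    """[(cve, range name)] for each known_affected product_version_range that
    contains `installed`. Assumes BSI's '<X' range spelling (the only form on
    this page). product_version entries such as '7.5' name the whole line and
    are a policy call, so they are skipped here."""
    products = index_products(doc)
    hits = []
    for vuln in doc.get("vulnerabilities", []):
        for pid in vuln.get("product_status", {}).get("known_affected", []):
            p = products.get(pid)
            if not p or p["category"] != "product_version_range":
                continue
            rng = p["version"]
            if rng.startswith("<") and qradar_version_key(installed) < qradar_version_key(rng[1:]):
                hits.append((vuln["cve"], rng))
    return hits


if __name__ == "__main__":
    for cve, status in product_status_by_cve(SAMPLE_CSAF).items():
        print(cve, status)
    print(inferred_fix_levels(SAMPLE_CSAF))
    print(affected_ranges(SAMPLE_CSAF, "7.5.0 UP9"))
```

Run against the real document, `affected_ranges` for a build below UP13 returns every CVE in the list paired with `<7.5.0 UP13`, and `inferred_fix_levels` tells you that UP7 closed the first batch and UP13 the second; whether the generic `7.5` entry should count as a hit is a decision for your patch policy, not something the comparison can settle.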
WID-SEC-W-2023-2675
Vulnerability from csaf_certbund - Published: 2023-10-17 22:00 - Updated: 2023-10-17 22:00

Oracle Financial Services Applications contains multiple vulnerabilities. By exploiting them, a remote, anonymous or authenticated attacker can compromise confidentiality, integrity and availability. Exploiting some of these vulnerabilities requires no user interaction. Oracle publishes no further details on them beyond the risk matrix in the Oracle Critical Patch Update advisory (linked below in this advisory). Because of the sparse information, the damage rating is derived solely from the CVSS impact matrix: the maximum across all vulnerabilities for these products is "HIGH" for "Confidentiality", "Integrity" and "Availability", which gives a damage rating of "HIGH" (BSI: "HOCH").
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Oracle Financial Services Applications 8.1.2.4 (Oracle / Financial Services Applications) | cpe:/a:oracle:financial_services_applications:8.1.2.4 | — | |
| Oracle Financial Services Applications 8.1.2.3 (Oracle / Financial Services Applications) | cpe:/a:oracle:financial_services_applications:8.1.2.3 | — | |
| Oracle Financial Services Applications 22.2 (Oracle / Financial Services Applications) | cpe:/a:oracle:financial_services_applications:22.2 | — | |
| Oracle Financial Services Applications 2.7 (Oracle / Financial Services Applications) | cpe:/a:oracle:financial_services_applications:2.7 | — | |
| Oracle Financial Services Applications 12.4 (Oracle / Financial Services Applications) | cpe:/a:oracle:financial_services_applications:12.4 | — | |
| Oracle Financial Services Applications 2.9.0 (Oracle / Financial Services Applications) | cpe:/a:oracle:financial_services_applications:2.9.0 | — | |
| Oracle Financial Services Applications 12.3 (Oracle / Financial Services Applications) | cpe:/a:oracle:financial_services_applications:12.3 | — | |
| Oracle Financial Services Applications 2.12 (Oracle / Financial Services Applications) | cpe:/a:oracle:financial_services_applications:2.12 | — | |
| Oracle Financial Services Applications 11.10 (Oracle / Financial Services Applications) | cpe:/a:oracle:financial_services_applications:11.10 | — | |
| Oracle Financial Services Applications 18.3 (Oracle / Financial Services Applications) | cpe:/a:oracle:financial_services_applications:18.3 | — | |
| Oracle Financial Services Applications 2.6.2 (Oracle / Financial Services Applications) | cpe:/a:oracle:financial_services_applications:2.6.2 | — | |
| Oracle Financial Services Applications 22.1 (Oracle / Financial Services Applications) | cpe:/a:oracle:financial_services_applications:22.1 | — | |
| Oracle Financial Services Applications 21.1 (Oracle / Financial Services Applications) | cpe:/a:oracle:financial_services_applications:21.1 | — | |
| Oracle Financial Services Applications 11.11 (Oracle / Financial Services Applications) | cpe:/a:oracle:financial_services_applications:11.11 | — | |
| Oracle Financial Services Applications 19.2 (Oracle / Financial Services Applications) | cpe:/a:oracle:financial_services_applications:19.2 | — | |
| Oracle Financial Services Applications 19.1 (Oracle / Financial Services Applications) | cpe:/a:oracle:financial_services_applications:19.1 | — | |

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Oracle Financial Services Applications <= 14.3 (Oracle / Financial Services Applications) | cpe:/a:oracle:financial_services_applications:14.3 | — | |
| Oracle Financial Services Applications <= 11.8 (Oracle / Financial Services Applications) | cpe:/a:oracle:financial_services_applications:11.8 | — | |
| Oracle Financial Services Applications <= 14.7 (Oracle / Financial Services Applications) | cpe:/a:oracle:financial_services_applications:14.7 | — | |
— | |
|
Oracle Financial Services Applications 11.11
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:11.11
|
— | |
|
Oracle Financial Services Applications 19.2
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:19.2
|
— | |
|
Oracle Financial Services Applications 19.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:19.1
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Financial Services Applications <= 14.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.3
|
— | |
|
Oracle Financial Services Applications <= 11.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:11.8
|
— | |
|
Oracle Financial Services Applications <= 14.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.7
|
— |
In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Financial Services Applications 8.1.2.4
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.4
|
— | |
|
Oracle Financial Services Applications 8.1.2.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.3
|
— | |
|
Oracle Financial Services Applications 22.2
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:22.2
|
— | |
|
Oracle Financial Services Applications 2.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.7
|
— | |
|
Oracle Financial Services Applications 12.4
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:12.4
|
— | |
|
Oracle Financial Services Applications 2.9.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.9.0
|
— | |
|
Oracle Financial Services Applications 12.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:12.3
|
— | |
|
Oracle Financial Services Applications 2.12
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.12
|
— | |
|
Oracle Financial Services Applications 11.10
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:11.10
|
— | |
|
Oracle Financial Services Applications 18.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:18.3
|
— | |
|
Oracle Financial Services Applications 2.6.2
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.6.2
|
— | |
|
Oracle Financial Services Applications 22.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:22.1
|
— | |
|
Oracle Financial Services Applications 21.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:21.1
|
— | |
|
Oracle Financial Services Applications 11.11
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:11.11
|
— | |
|
Oracle Financial Services Applications 19.2
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:19.2
|
— | |
|
Oracle Financial Services Applications 19.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:19.1
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Financial Services Applications <= 14.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.3
|
— | |
|
Oracle Financial Services Applications <= 11.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:11.8
|
— | |
|
Oracle Financial Services Applications <= 14.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.7
|
— |
In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Financial Services Applications 8.1.2.4
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.4
|
— | |
|
Oracle Financial Services Applications 8.1.2.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.3
|
— | |
|
Oracle Financial Services Applications 22.2
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:22.2
|
— | |
|
Oracle Financial Services Applications 2.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.7
|
— | |
|
Oracle Financial Services Applications 12.4
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:12.4
|
— | |
|
Oracle Financial Services Applications 2.9.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.9.0
|
— | |
|
Oracle Financial Services Applications 12.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:12.3
|
— | |
|
Oracle Financial Services Applications 2.12
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.12
|
— | |
|
Oracle Financial Services Applications 11.10
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:11.10
|
— | |
|
Oracle Financial Services Applications 18.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:18.3
|
— | |
|
Oracle Financial Services Applications 2.6.2
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.6.2
|
— | |
|
Oracle Financial Services Applications 22.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:22.1
|
— | |
|
Oracle Financial Services Applications 21.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:21.1
|
— | |
|
Oracle Financial Services Applications 11.11
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:11.11
|
— | |
|
Oracle Financial Services Applications 19.2
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:19.2
|
— | |
|
Oracle Financial Services Applications 19.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:19.1
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Financial Services Applications <= 14.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.3
|
— | |
|
Oracle Financial Services Applications <= 11.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:11.8
|
— | |
|
Oracle Financial Services Applications <= 14.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.7
|
— |
In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Financial Services Applications 8.1.2.4
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.4
|
— | |
|
Oracle Financial Services Applications 8.1.2.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.3
|
— | |
|
Oracle Financial Services Applications 22.2
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:22.2
|
— | |
|
Oracle Financial Services Applications 2.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.7
|
— | |
|
Oracle Financial Services Applications 12.4
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:12.4
|
— | |
|
Oracle Financial Services Applications 2.9.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.9.0
|
— | |
|
Oracle Financial Services Applications 12.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:12.3
|
— | |
|
Oracle Financial Services Applications 2.12
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.12
|
— | |
|
Oracle Financial Services Applications 11.10
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:11.10
|
— | |
|
Oracle Financial Services Applications 18.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:18.3
|
— | |
|
Oracle Financial Services Applications 2.6.2
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.6.2
|
— | |
|
Oracle Financial Services Applications 22.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:22.1
|
— | |
|
Oracle Financial Services Applications 21.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:21.1
|
— | |
|
Oracle Financial Services Applications 11.11
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:11.11
|
— | |
|
Oracle Financial Services Applications 19.2
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:19.2
|
— | |
|
Oracle Financial Services Applications 19.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:19.1
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Financial Services Applications <= 14.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.3
|
— | |
|
Oracle Financial Services Applications <= 11.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:11.8
|
— | |
|
Oracle Financial Services Applications <= 14.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.7
|
— |
In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Financial Services Applications 8.1.2.4
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.4
|
— | |
|
Oracle Financial Services Applications 8.1.2.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.3
|
— | |
|
Oracle Financial Services Applications 22.2
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:22.2
|
— | |
|
Oracle Financial Services Applications 2.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.7
|
— | |
|
Oracle Financial Services Applications 12.4
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:12.4
|
— | |
|
Oracle Financial Services Applications 2.9.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.9.0
|
— | |
|
Oracle Financial Services Applications 12.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:12.3
|
— | |
|
Oracle Financial Services Applications 2.12
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.12
|
— | |
|
Oracle Financial Services Applications 11.10
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:11.10
|
— | |
|
Oracle Financial Services Applications 18.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:18.3
|
— | |
|
Oracle Financial Services Applications 2.6.2
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.6.2
|
— | |
|
Oracle Financial Services Applications 22.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:22.1
|
— | |
|
Oracle Financial Services Applications 21.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:21.1
|
— | |
|
Oracle Financial Services Applications 11.11
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:11.11
|
— | |
|
Oracle Financial Services Applications 19.2
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:19.2
|
— | |
|
Oracle Financial Services Applications 19.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:19.1
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Financial Services Applications <= 14.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.3
|
— | |
|
Oracle Financial Services Applications <= 11.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:11.8
|
— | |
|
Oracle Financial Services Applications <= 14.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.7
|
— |
In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Financial Services Applications 8.1.2.4
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.4
|
— | |
|
Oracle Financial Services Applications 8.1.2.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.3
|
— | |
|
Oracle Financial Services Applications 22.2
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:22.2
|
— | |
|
Oracle Financial Services Applications 2.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.7
|
— | |
|
Oracle Financial Services Applications 12.4
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:12.4
|
— | |
|
Oracle Financial Services Applications 2.9.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.9.0
|
— | |
|
Oracle Financial Services Applications 12.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:12.3
|
— | |
|
Oracle Financial Services Applications 2.12
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.12
|
— | |
|
Oracle Financial Services Applications 11.10
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:11.10
|
— | |
|
Oracle Financial Services Applications 18.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:18.3
|
— | |
|
Oracle Financial Services Applications 2.6.2
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.6.2
|
— | |
|
Oracle Financial Services Applications 22.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:22.1
|
— | |
|
Oracle Financial Services Applications 21.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:21.1
|
— | |
|
Oracle Financial Services Applications 11.11
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:11.11
|
— | |
|
Oracle Financial Services Applications 19.2
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:19.2
|
— | |
|
Oracle Financial Services Applications 19.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:19.1
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Financial Services Applications <= 14.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.3
|
— | |
|
Oracle Financial Services Applications <= 11.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:11.8
|
— | |
|
Oracle Financial Services Applications <= 14.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.7
|
— |
In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Financial Services Applications 8.1.2.4
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.4
|
— | |
|
Oracle Financial Services Applications 8.1.2.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.3
|
— | |
|
Oracle Financial Services Applications 22.2
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:22.2
|
— | |
|
Oracle Financial Services Applications 2.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.7
|
— | |
|
Oracle Financial Services Applications 12.4
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:12.4
|
— | |
|
Oracle Financial Services Applications 2.9.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.9.0
|
— | |
|
Oracle Financial Services Applications 12.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:12.3
|
— | |
|
Oracle Financial Services Applications 2.12
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.12
|
— | |
|
Oracle Financial Services Applications 11.10
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:11.10
|
— | |
|
Oracle Financial Services Applications 18.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:18.3
|
— | |
|
Oracle Financial Services Applications 2.6.2
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.6.2
|
— | |
|
Oracle Financial Services Applications 22.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:22.1
|
— | |
|
Oracle Financial Services Applications 21.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:21.1
|
— | |
|
Oracle Financial Services Applications 11.11
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:11.11
|
— | |
|
Oracle Financial Services Applications 19.2
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:19.2
|
— | |
|
Oracle Financial Services Applications 19.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:19.1
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Financial Services Applications <= 14.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.3
|
— | |
|
Oracle Financial Services Applications <= 11.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:11.8
|
— | |
|
Oracle Financial Services Applications <= 14.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.7
|
— |
In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Financial Services Applications 8.1.2.4
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.4
|
— | |
|
Oracle Financial Services Applications 8.1.2.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.3
|
— | |
|
Oracle Financial Services Applications 22.2
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:22.2
|
— | |
|
Oracle Financial Services Applications 2.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.7
|
— | |
|
Oracle Financial Services Applications 12.4
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:12.4
|
— | |
|
Oracle Financial Services Applications 2.9.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.9.0
|
— | |
|
Oracle Financial Services Applications 12.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:12.3
|
— | |
|
Oracle Financial Services Applications 2.12
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.12
|
— | |
|
Oracle Financial Services Applications 11.10
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:11.10
|
— | |
|
Oracle Financial Services Applications 18.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:18.3
|
— | |
|
Oracle Financial Services Applications 2.6.2
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.6.2
|
— | |
|
Oracle Financial Services Applications 22.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:22.1
|
— | |
|
Oracle Financial Services Applications 21.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:21.1
|
— | |
|
Oracle Financial Services Applications 11.11
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:11.11
|
— | |
|
Oracle Financial Services Applications 19.2
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:19.2
|
— | |
|
Oracle Financial Services Applications 19.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:19.1
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Financial Services Applications <= 14.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.3
|
— | |
|
Oracle Financial Services Applications <= 11.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:11.8
|
— | |
|
Oracle Financial Services Applications <= 14.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.7
|
— |
In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Oracle Financial Services Applications 8.1.2.4 (Oracle / Financial Services Applications) | cpe:/a:oracle:financial_services_applications:8.1.2.4 | — | |
| Oracle Financial Services Applications 8.1.2.3 (Oracle / Financial Services Applications) | cpe:/a:oracle:financial_services_applications:8.1.2.3 | — | |
| Oracle Financial Services Applications 22.2 (Oracle / Financial Services Applications) | cpe:/a:oracle:financial_services_applications:22.2 | — | |
| Oracle Financial Services Applications 2.7 (Oracle / Financial Services Applications) | cpe:/a:oracle:financial_services_applications:2.7 | — | |
| Oracle Financial Services Applications 12.4 (Oracle / Financial Services Applications) | cpe:/a:oracle:financial_services_applications:12.4 | — | |
| Oracle Financial Services Applications 2.9.0 (Oracle / Financial Services Applications) | cpe:/a:oracle:financial_services_applications:2.9.0 | — | |
| Oracle Financial Services Applications 12.3 (Oracle / Financial Services Applications) | cpe:/a:oracle:financial_services_applications:12.3 | — | |
| Oracle Financial Services Applications 2.12 (Oracle / Financial Services Applications) | cpe:/a:oracle:financial_services_applications:2.12 | — | |
| Oracle Financial Services Applications 11.10 (Oracle / Financial Services Applications) | cpe:/a:oracle:financial_services_applications:11.10 | — | |
| Oracle Financial Services Applications 18.3 (Oracle / Financial Services Applications) | cpe:/a:oracle:financial_services_applications:18.3 | — | |
| Oracle Financial Services Applications 2.6.2 (Oracle / Financial Services Applications) | cpe:/a:oracle:financial_services_applications:2.6.2 | — | |
| Oracle Financial Services Applications 22.1 (Oracle / Financial Services Applications) | cpe:/a:oracle:financial_services_applications:22.1 | — | |
| Oracle Financial Services Applications 21.1 (Oracle / Financial Services Applications) | cpe:/a:oracle:financial_services_applications:21.1 | — | |
| Oracle Financial Services Applications 11.11 (Oracle / Financial Services Applications) | cpe:/a:oracle:financial_services_applications:11.11 | — | |
| Oracle Financial Services Applications 19.2 (Oracle / Financial Services Applications) | cpe:/a:oracle:financial_services_applications:19.2 | — | |
| Oracle Financial Services Applications 19.1 (Oracle / Financial Services Applications) | cpe:/a:oracle:financial_services_applications:19.1 | — | |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Oracle Financial Services Applications <= 14.3 (Oracle / Financial Services Applications) | cpe:/a:oracle:financial_services_applications:14.3 | — | |
| Oracle Financial Services Applications <= 11.8 (Oracle / Financial Services Applications) | cpe:/a:oracle:financial_services_applications:11.8 | — | |
| Oracle Financial Services Applications <= 14.7 (Oracle / Financial Services Applications) | cpe:/a:oracle:financial_services_applications:14.7 | — | |
In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Financial Services Applications 8.1.2.4
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.4
|
— | |
|
Oracle Financial Services Applications 8.1.2.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.3
|
— | |
|
Oracle Financial Services Applications 22.2
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:22.2
|
— | |
|
Oracle Financial Services Applications 2.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.7
|
— | |
|
Oracle Financial Services Applications 12.4
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:12.4
|
— | |
|
Oracle Financial Services Applications 2.9.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.9.0
|
— | |
|
Oracle Financial Services Applications 12.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:12.3
|
— | |
|
Oracle Financial Services Applications 2.12
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.12
|
— | |
|
Oracle Financial Services Applications 11.10
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:11.10
|
— | |
|
Oracle Financial Services Applications 18.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:18.3
|
— | |
|
Oracle Financial Services Applications 2.6.2
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.6.2
|
— | |
|
Oracle Financial Services Applications 22.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:22.1
|
— | |
|
Oracle Financial Services Applications 21.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:21.1
|
— | |
|
Oracle Financial Services Applications 11.11
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:11.11
|
— | |
|
Oracle Financial Services Applications 19.2
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:19.2
|
— | |
|
Oracle Financial Services Applications 19.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:19.1
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Financial Services Applications <= 14.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.3
|
— | |
|
Oracle Financial Services Applications <= 11.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:11.8
|
— | |
|
Oracle Financial Services Applications <= 14.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.7
|
— |
In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Financial Services Applications 8.1.2.4
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.4
|
— | |
|
Oracle Financial Services Applications 8.1.2.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.3
|
— | |
|
Oracle Financial Services Applications 22.2
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:22.2
|
— | |
|
Oracle Financial Services Applications 2.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.7
|
— | |
|
Oracle Financial Services Applications 12.4
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:12.4
|
— | |
|
Oracle Financial Services Applications 2.9.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.9.0
|
— | |
|
Oracle Financial Services Applications 12.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:12.3
|
— | |
|
Oracle Financial Services Applications 2.12
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.12
|
— | |
|
Oracle Financial Services Applications 11.10
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:11.10
|
— | |
|
Oracle Financial Services Applications 18.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:18.3
|
— | |
|
Oracle Financial Services Applications 2.6.2
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.6.2
|
— | |
|
Oracle Financial Services Applications 22.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:22.1
|
— | |
|
Oracle Financial Services Applications 21.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:21.1
|
— | |
|
Oracle Financial Services Applications 11.11
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:11.11
|
— | |
|
Oracle Financial Services Applications 19.2
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:19.2
|
— | |
|
Oracle Financial Services Applications 19.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:19.1
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Financial Services Applications <= 14.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.3
|
— | |
|
Oracle Financial Services Applications <= 11.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:11.8
|
— | |
|
Oracle Financial Services Applications <= 14.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.7
|
— |
In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Financial Services Applications 8.1.2.4
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.4
|
— | |
|
Oracle Financial Services Applications 8.1.2.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.3
|
— | |
|
Oracle Financial Services Applications 22.2
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:22.2
|
— | |
|
Oracle Financial Services Applications 2.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.7
|
— | |
|
Oracle Financial Services Applications 12.4
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:12.4
|
— | |
|
Oracle Financial Services Applications 2.9.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.9.0
|
— | |
|
Oracle Financial Services Applications 12.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:12.3
|
— | |
|
Oracle Financial Services Applications 2.12
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.12
|
— | |
|
Oracle Financial Services Applications 11.10
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:11.10
|
— | |
|
Oracle Financial Services Applications 18.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:18.3
|
— | |
|
Oracle Financial Services Applications 2.6.2
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.6.2
|
— | |
|
Oracle Financial Services Applications 22.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:22.1
|
— | |
|
Oracle Financial Services Applications 21.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:21.1
|
— | |
|
Oracle Financial Services Applications 11.11
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:11.11
|
— | |
|
Oracle Financial Services Applications 19.2
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:19.2
|
— | |
|
Oracle Financial Services Applications 19.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:19.1
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Financial Services Applications <= 14.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.3
|
— | |
|
Oracle Financial Services Applications <= 11.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:11.8
|
— | |
|
Oracle Financial Services Applications <= 14.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.7
|
— |
In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Financial Services Applications 8.1.2.4
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.4
|
— | |
|
Oracle Financial Services Applications 8.1.2.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.3
|
— | |
|
Oracle Financial Services Applications 22.2
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:22.2
|
— | |
|
Oracle Financial Services Applications 2.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.7
|
— | |
|
Oracle Financial Services Applications 12.4
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:12.4
|
— | |
|
Oracle Financial Services Applications 2.9.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.9.0
|
— | |
|
Oracle Financial Services Applications 12.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:12.3
|
— | |
|
Oracle Financial Services Applications 2.12
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.12
|
— | |
|
Oracle Financial Services Applications 11.10
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:11.10
|
— | |
|
Oracle Financial Services Applications 18.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:18.3
|
— | |
|
Oracle Financial Services Applications 2.6.2
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.6.2
|
— | |
|
Oracle Financial Services Applications 22.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:22.1
|
— | |
|
Oracle Financial Services Applications 21.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:21.1
|
— | |
|
Oracle Financial Services Applications 11.11
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:11.11
|
— | |
|
Oracle Financial Services Applications 19.2
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:19.2
|
— | |
|
Oracle Financial Services Applications 19.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:19.1
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Financial Services Applications <= 14.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.3
|
— | |
|
Oracle Financial Services Applications <= 11.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:11.8
|
— | |
|
Oracle Financial Services Applications <= 14.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.7
|
— |
In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Financial Services Applications 8.1.2.4
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.4
|
— | |
|
Oracle Financial Services Applications 8.1.2.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.3
|
— | |
|
Oracle Financial Services Applications 22.2
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:22.2
|
— | |
|
Oracle Financial Services Applications 2.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.7
|
— | |
|
Oracle Financial Services Applications 12.4
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:12.4
|
— | |
|
Oracle Financial Services Applications 2.9.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.9.0
|
— | |
|
Oracle Financial Services Applications 12.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:12.3
|
— | |
|
Oracle Financial Services Applications 2.12
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.12
|
— | |
|
Oracle Financial Services Applications 11.10
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:11.10
|
— | |
|
Oracle Financial Services Applications 18.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:18.3
|
— | |
|
Oracle Financial Services Applications 2.6.2
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.6.2
|
— | |
|
Oracle Financial Services Applications 22.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:22.1
|
— | |
|
Oracle Financial Services Applications 21.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:21.1
|
— | |
|
Oracle Financial Services Applications 11.11
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:11.11
|
— | |
|
Oracle Financial Services Applications 19.2
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:19.2
|
— | |
|
Oracle Financial Services Applications 19.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:19.1
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Financial Services Applications <= 14.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.3
|
— | |
|
Oracle Financial Services Applications <= 11.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:11.8
|
— | |
|
Oracle Financial Services Applications <= 14.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.7
|
— |
In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Financial Services Applications 8.1.2.4
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.4
|
— | |
|
Oracle Financial Services Applications 8.1.2.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.3
|
— | |
|
Oracle Financial Services Applications 22.2
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:22.2
|
— | |
|
Oracle Financial Services Applications 2.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.7
|
— | |
|
Oracle Financial Services Applications 12.4
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:12.4
|
— | |
|
Oracle Financial Services Applications 2.9.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.9.0
|
— | |
|
Oracle Financial Services Applications 12.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:12.3
|
— | |
|
Oracle Financial Services Applications 2.12
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.12
|
— | |
|
Oracle Financial Services Applications 11.10
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:11.10
|
— | |
|
Oracle Financial Services Applications 18.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:18.3
|
— | |
|
Oracle Financial Services Applications 2.6.2
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.6.2
|
— | |
|
Oracle Financial Services Applications 22.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:22.1
|
— | |
|
Oracle Financial Services Applications 21.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:21.1
|
— | |
|
Oracle Financial Services Applications 11.11
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:11.11
|
— | |
|
Oracle Financial Services Applications 19.2
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:19.2
|
— | |
|
Oracle Financial Services Applications 19.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:19.1
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Financial Services Applications <= 14.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.3
|
— | |
|
Oracle Financial Services Applications <= 11.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:11.8
|
— | |
|
Oracle Financial Services Applications <= 14.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.7
|
— |
In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Financial Services Applications 8.1.2.4
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.4
|
— | |
|
Oracle Financial Services Applications 8.1.2.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.3
|
— | |
|
Oracle Financial Services Applications 22.2
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:22.2
|
— | |
|
Oracle Financial Services Applications 2.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.7
|
— | |
|
Oracle Financial Services Applications 12.4
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:12.4
|
— | |
|
Oracle Financial Services Applications 2.9.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.9.0
|
— | |
|
Oracle Financial Services Applications 12.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:12.3
|
— | |
|
Oracle Financial Services Applications 2.12
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.12
|
— | |
|
Oracle Financial Services Applications 11.10
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:11.10
|
— | |
|
Oracle Financial Services Applications 18.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:18.3
|
— | |
|
Oracle Financial Services Applications 2.6.2
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.6.2
|
— | |
|
Oracle Financial Services Applications 22.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:22.1
|
— | |
|
Oracle Financial Services Applications 21.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:21.1
|
— | |
|
Oracle Financial Services Applications 11.11
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:11.11
|
— | |
|
Oracle Financial Services Applications 19.2
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:19.2
|
— | |
|
Oracle Financial Services Applications 19.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:19.1
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Financial Services Applications <= 14.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.3
|
— | |
|
Oracle Financial Services Applications <= 11.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:11.8
|
— | |
|
Oracle Financial Services Applications <= 14.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.7
|
— |
In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Financial Services Applications 8.1.2.4
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.4
|
— | |
|
Oracle Financial Services Applications 8.1.2.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.3
|
— | |
|
Oracle Financial Services Applications 22.2
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:22.2
|
— | |
|
Oracle Financial Services Applications 2.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.7
|
— | |
|
Oracle Financial Services Applications 12.4
(Oracle / Financial Services Applications) | cpe:/a:oracle:financial_services_applications:12.4 | — | |
| Oracle Financial Services Applications 2.9.0 (Oracle / Financial Services Applications) | cpe:/a:oracle:financial_services_applications:2.9.0 | — | |
| Oracle Financial Services Applications 12.3 (Oracle / Financial Services Applications) | cpe:/a:oracle:financial_services_applications:12.3 | — | |
| Oracle Financial Services Applications 2.12 (Oracle / Financial Services Applications) | cpe:/a:oracle:financial_services_applications:2.12 | — | |
| Oracle Financial Services Applications 11.10 (Oracle / Financial Services Applications) | cpe:/a:oracle:financial_services_applications:11.10 | — | |
| Oracle Financial Services Applications 18.3 (Oracle / Financial Services Applications) | cpe:/a:oracle:financial_services_applications:18.3 | — | |
| Oracle Financial Services Applications 2.6.2 (Oracle / Financial Services Applications) | cpe:/a:oracle:financial_services_applications:2.6.2 | — | |
| Oracle Financial Services Applications 22.1 (Oracle / Financial Services Applications) | cpe:/a:oracle:financial_services_applications:22.1 | — | |
| Oracle Financial Services Applications 21.1 (Oracle / Financial Services Applications) | cpe:/a:oracle:financial_services_applications:21.1 | — | |
| Oracle Financial Services Applications 11.11 (Oracle / Financial Services Applications) | cpe:/a:oracle:financial_services_applications:11.11 | — | |
| Oracle Financial Services Applications 19.2 (Oracle / Financial Services Applications) | cpe:/a:oracle:financial_services_applications:19.2 | — | |
| Oracle Financial Services Applications 19.1 (Oracle / Financial Services Applications) | cpe:/a:oracle:financial_services_applications:19.1 | — | |

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Oracle Financial Services Applications <= 14.3 (Oracle / Financial Services Applications) | cpe:/a:oracle:financial_services_applications:14.3 | — | |
| Oracle Financial Services Applications <= 11.8 (Oracle / Financial Services Applications) | cpe:/a:oracle:financial_services_applications:11.8 | — | |
| Oracle Financial Services Applications <= 14.7 (Oracle / Financial Services Applications) | cpe:/a:oracle:financial_services_applications:14.7 | — | |
Oracle Financial Services Applications contains multiple vulnerabilities. A remote attacker, anonymous or authenticated, can exploit them to compromise confidentiality, integrity and availability, and some of them require no user interaction. Oracle publishes no further details on these vulnerabilities beyond the risk matrix in its Critical Patch Update advisory (see the link at the bottom of this advisory). Because so little information is available, the damage rating is based solely on the CVSS impact metrics: the maximum across all vulnerabilities for these products is "HIGH" for Confidentiality, Integrity and Availability, which yields a damage severity of "HIGH" ("HOCH" in the original BSI rating).
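The tables above are a rendering of the BSI's CSAF 2.0 document, whose JSON is reproduced further down: `product_tree` assigns every product an opaque `product_id` (T018977, T019887, ...) and a CPE, and each entry under `vulnerabilities` refers to those IDs in `product_status.known_affected` and `product_status.last_affected`. The script below is an added example, not code from the BSI, from Oracle or from this page, showing how a consumer joins the two to obtain the affected-product rows and to answer "is this CPE affected?". `DOCUMENT` is a constructed, trimmed copy of WID-SEC-W-2023-2675 (three products, one CVE, identifiers copied from the JSON below); the function names are this example's own. `last_affected` is read per the CSAF 2.0 specification as the last version of a release line known to be affected, which is why the BSI names those products "<= 14.3" and so on.

```python
"""Resolve a CSAF 2.0 advisory's product_status lists to CPEs.

Added example, not code from the BSI advisory or from this page. DOCUMENT is a
constructed, trimmed copy of WID-SEC-W-2023-2675: three products and one CVE, with
field names and identifiers taken from the CSAF JSON reproduced on this page.
"""
import json

DOCUMENT = json.loads(r"""
{
  "document": {"tracking": {"id": "WID-SEC-W-2023-2675"}},
  "product_tree": {
    "branches": [
      {"category": "vendor", "name": "Oracle", "branches": [
        {"category": "product_name", "name": "Financial Services Applications", "branches": [
          {"category": "product_name", "name": "Oracle Financial Services Applications 2.6.2",
           "product": {"name": "Oracle Financial Services Applications 2.6.2", "product_id": "T018977",
                       "product_identification_helper": {"cpe": "cpe:/a:oracle:financial_services_applications:2.6.2"}}},
          {"category": "product_name", "name": "Oracle Financial Services Applications <= 14.3",
           "product": {"name": "Oracle Financial Services Applications <= 14.3", "product_id": "T019887",
                       "product_identification_helper": {"cpe": "cpe:/a:oracle:financial_services_applications:14.3"}}},
          {"category": "product_name", "name": "Oracle Financial Services Applications 22.2",
           "product": {"name": "Oracle Financial Services Applications 22.2", "product_id": "T027350",
                       "product_identification_helper": {"cpe": "cpe:/a:oracle:financial_services_applications:22.2"}}}
        ]}
      ]}
    ]
  },
  "vulnerabilities": [
    {"cve": "CVE-2023-33201",
     "product_status": {"known_affected": ["T027350", "T018977"], "last_affected": ["T019887"]}}
  ]
}
""")

# CSAF 2.0 product_status categories, in the order they are reported below.
STATUSES = ("known_affected", "last_affected", "first_affected",
            "known_not_affected", "fixed", "first_fixed", "under_investigation")


def index_products(tree):
    """Return {product_id: {"name", "path", "cpe"}} for every product in product_tree.

    Branches nest to arbitrary depth (vendor -> product_name -> version ...), so the
    walk is recursive. `path` keeps the enclosing branch names, which is the
    "Oracle / Financial Services Applications" line shown under each product above.
    """
    index = {}

    def add(product, path):
        helper = product.get("product_identification_helper", {})
        index[product["product_id"]] = {
            "name": product["name"],
            "path": " / ".join(path),
            "cpe": helper.get("cpe"),  # may be absent: CSAF also allows purl, hashes, ...
        }

    def walk(branches, path):
        for branch in branches:
            if "product" in branch:
                add(branch["product"], path)
            walk(branch.get("branches", []), path + [branch["name"]])

    walk(tree.get("branches", []), [])
    for product in tree.get("full_product_names", []):  # flat alternative to branches
        add(product, [])
    # product_tree.relationships (product A installed on product B) are not expanded here.
    return index


def affected_rows(doc):
    """One row per (CVE, status, product), with the product_id resolved to name and CPE.

    known_affected: that exact product is affected. last_affected: the last version
    of a release line known to be affected (CSAF 2.0 semantics), hence "<= 14.3".
    """
    products = index_products(doc["product_tree"])
    rows = []
    for vuln in doc.get("vulnerabilities", []):
        for status in STATUSES:
            for pid in vuln.get("product_status", {}).get(status, []):
                if pid not in products:  # a dangling id means the advisory is malformed
                    raise KeyError(f"{vuln.get('cve')}: product_id {pid} not in product_tree")
                rows.append({"cve": vuln.get("cve"), "status": status, "product_id": pid, **products[pid]})
    return rows


def cves_for_cpe(doc, cpe):
    """CVEs whose known_affected/last_affected lists contain a product with exactly this CPE.

    Exact string match only: the version range implied by last_affected is not expanded.
    """
    hits = {r["cve"] for r in affected_rows(doc)
            if r["cpe"] == cpe and r["status"] in ("known_affected", "last_affected")}
    return sorted(hits)


def render_table(rows):
    """Markdown table in the layout used for the product tables on this page."""
    lines = ["| CVE | Product | Identifier | Status |", "|---|---|---|---|"]
    lines += [f"| {r['cve']} | {r['name']} ({r['path']}) | {r['cpe']} | {r['status']} |" for r in rows]
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_table(affected_rows(DOCUMENT)))
```

Running the script prints the three rows for CVE-2023-33201. `cves_for_cpe` matches the CPE string exactly, so an inventory entry such as `...:14.2` is not matched against the `<= 14.3` product: the advisory's CPE names only the boundary version of that line, and expanding the range is left to the consumer.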
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Oracle Financial Services ist eine Zusammenstellung von Anwendungen f\u00fcr den Finanzsektor und eine Technologiebasis zur Erf\u00fcllung von IT- und Gesch\u00e4ftsanforderungen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Financial Services Applications ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2675 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2675.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2675 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2675"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - October 2023 - Appendix Oracle Financial Services Applications vom 2023-10-17",
"url": "https://www.oracle.com/security-alerts/cpuoct2023.html#AppendixIFLX"
}
],
"source_lang": "en-US",
"title": "Oracle Financial Services Applications: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-10-17T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:59:59.509+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-2675",
"initial_release_date": "2023-10-17T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-10-17T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Oracle Financial Services Applications 2.6.2",
"product": {
"name": "Oracle Financial Services Applications 2.6.2",
"product_id": "T018977",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:2.6.2"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 2.9.0",
"product": {
"name": "Oracle Financial Services Applications 2.9.0",
"product_id": "T018981",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:2.9.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications \u003c= 14.3",
"product": {
"name": "Oracle Financial Services Applications \u003c= 14.3",
"product_id": "T019887",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:14.3"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 12.3",
"product": {
"name": "Oracle Financial Services Applications 12.3",
"product_id": "T019893",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:12.3"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 12.4",
"product": {
"name": "Oracle Financial Services Applications 12.4",
"product_id": "T019894",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:12.4"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications \u003c= 11.8",
"product": {
"name": "Oracle Financial Services Applications \u003c= 11.8",
"product_id": "T020696",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:11.8"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 11.10",
"product": {
"name": "Oracle Financial Services Applications 11.10",
"product_id": "T020698",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:11.10"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 18.3",
"product": {
"name": "Oracle Financial Services Applications 18.3",
"product_id": "T021669",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:18.3"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 19.1",
"product": {
"name": "Oracle Financial Services Applications 19.1",
"product_id": "T021670",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:19.1"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 19.2",
"product": {
"name": "Oracle Financial Services Applications 19.2",
"product_id": "T021671",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:19.2"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 21.1",
"product": {
"name": "Oracle Financial Services Applications 21.1",
"product_id": "T021673",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:21.1"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 2.7",
"product": {
"name": "Oracle Financial Services Applications 2.7",
"product_id": "T023927",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:2.7"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 2.12",
"product": {
"name": "Oracle Financial Services Applications 2.12",
"product_id": "T023929",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:2.12"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications \u003c= 14.7",
"product": {
"name": "Oracle Financial Services Applications \u003c= 14.7",
"product_id": "T027348",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:14.7"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 22.1",
"product": {
"name": "Oracle Financial Services Applications 22.1",
"product_id": "T027349",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:22.1"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 22.2",
"product": {
"name": "Oracle Financial Services Applications 22.2",
"product_id": "T027350",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:22.2"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 8.1.2.4",
"product": {
"name": "Oracle Financial Services Applications 8.1.2.4",
"product_id": "T027351",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.1.2.4"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 8.1.2.3",
"product": {
"name": "Oracle Financial Services Applications 8.1.2.3",
"product_id": "T027352",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.1.2.3"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 11.11",
"product": {
"name": "Oracle Financial Services Applications 11.11",
"product_id": "T027366",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:11.11"
}
}
}
],
"category": "product_name",
"name": "Financial Services Applications"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-34981",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T023927",
"T019894",
"T018981",
"T019893",
"T023929",
"T020698",
"T021669",
"T018977",
"T027349",
"T021673",
"T027366",
"T021671",
"T021670"
],
"last_affected": [
"T019887",
"T020696",
"T027348"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2023-34981"
},
{
"cve": "CVE-2023-34462",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T023927",
"T019894",
"T018981",
"T019893",
"T023929",
"T020698",
"T021669",
"T018977",
"T027349",
"T021673",
"T027366",
"T021671",
"T021670"
],
"last_affected": [
"T019887",
"T020696",
"T027348"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2023-34462"
},
{
"cve": "CVE-2023-33201",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T023927",
"T019894",
"T018981",
"T019893",
"T023929",
"T020698",
"T021669",
"T018977",
"T027349",
"T021673",
"T027366",
"T021671",
"T021670"
],
"last_affected": [
"T019887",
"T020696",
"T027348"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2023-33201"
},
{
"cve": "CVE-2023-2976",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T023927",
"T019894",
"T018981",
"T019893",
"T023929",
"T020698",
"T021669",
"T018977",
"T027349",
"T021673",
"T027366",
"T021671",
"T021670"
],
"last_affected": [
"T019887",
"T020696",
"T027348"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2023-2976"
},
{
"cve": "CVE-2023-28439",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T023927",
"T019894",
"T018981",
"T019893",
"T023929",
"T020698",
"T021669",
"T018977",
"T027349",
"T021673",
"T027366",
"T021671",
"T021670"
],
"last_affected": [
"T019887",
"T020696",
"T027348"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2023-28439"
},
{
"cve": "CVE-2023-26049",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T023927",
"T019894",
"T018981",
"T019893",
"T023929",
"T020698",
"T021669",
"T018977",
"T027349",
"T021673",
"T027366",
"T021671",
"T021670"
],
"last_affected": [
"T019887",
"T020696",
"T027348"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2023-26049"
},
{
"cve": "CVE-2023-24998",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T023927",
"T019894",
"T018981",
"T019893",
"T023929",
"T020698",
"T021669",
"T018977",
"T027349",
"T021673",
"T027366",
"T021671",
"T021670"
],
"last_affected": [
"T019887",
"T020696",
"T027348"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2023-24998"
},
{
"cve": "CVE-2023-22946",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T023927",
"T019894",
"T018981",
"T019893",
"T023929",
"T020698",
"T021669",
"T018977",
"T027349",
"T021673",
"T027366",
"T021671",
"T021670"
],
"last_affected": [
"T019887",
"T020696",
"T027348"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2023-22946"
},
{
"cve": "CVE-2023-22125",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T023927",
"T019894",
"T018981",
"T019893",
"T023929",
"T020698",
"T021669",
"T018977",
"T027349",
"T021673",
"T027366",
"T021671",
"T021670"
],
"last_affected": [
"T019887",
"T020696",
"T027348"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2023-22125"
},
{
"cve": "CVE-2023-22124",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T023927",
"T019894",
"T018981",
"T019893",
"T023929",
"T020698",
"T021669",
"T018977",
"T027349",
"T021673",
"T027366",
"T021671",
"T021670"
],
"last_affected": [
"T019887",
"T020696",
"T027348"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2023-22124"
},
{
"cve": "CVE-2023-22123",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T023927",
"T019894",
"T018981",
"T019893",
"T023929",
"T020698",
"T021669",
"T018977",
"T027349",
"T021673",
"T027366",
"T021671",
"T021670"
],
"last_affected": [
"T019887",
"T020696",
"T027348"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2023-22123"
},
{
"cve": "CVE-2023-22122",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T023927",
"T019894",
"T018981",
"T019893",
"T023929",
"T020698",
"T021669",
"T018977",
"T027349",
"T021673",
"T027366",
"T021671",
"T021670"
],
"last_affected": [
"T019887",
"T020696",
"T027348"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2023-22122"
},
{
"cve": "CVE-2023-22121",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T023927",
"T019894",
"T018981",
"T019893",
"T023929",
"T020698",
"T021669",
"T018977",
"T027349",
"T021673",
"T027366",
"T021671",
"T021670"
],
"last_affected": [
"T019887",
"T020696",
"T027348"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2023-22121"
},
{
"cve": "CVE-2023-22119",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T023927",
"T019894",
"T018981",
"T019893",
"T023929",
"T020698",
"T021669",
"T018977",
"T027349",
"T021673",
"T027366",
"T021671",
"T021670"
],
"last_affected": [
"T019887",
"T020696",
"T027348"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2023-22119"
},
{
"cve": "CVE-2023-22118",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T023927",
"T019894",
"T018981",
"T019893",
"T023929",
"T020698",
"T021669",
"T018977",
"T027349",
"T021673",
"T027366",
"T021671",
"T021670"
],
"last_affected": [
"T019887",
"T020696",
"T027348"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2023-22118"
},
{
"cve": "CVE-2023-22117",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T023927",
"T019894",
"T018981",
"T019893",
"T023929",
"T020698",
"T021669",
"T018977",
"T027349",
"T021673",
"T027366",
"T021671",
"T021670"
],
"last_affected": [
"T019887",
"T020696",
"T027348"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2023-22117"
},
{
"cve": "CVE-2023-20883",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T023927",
"T019894",
"T018981",
"T019893",
"T023929",
"T020698",
"T021669",
"T018977",
"T027349",
"T021673",
"T027366",
"T021671",
"T021670"
],
"last_affected": [
"T019887",
"T020696",
"T027348"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2023-20883"
},
{
"cve": "CVE-2023-20873",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T023927",
"T019894",
"T018981",
"T019893",
"T023929",
"T020698",
"T021669",
"T018977",
"T027349",
"T021673",
"T027366",
"T021671",
"T021670"
],
"last_affected": [
"T019887",
"T020696",
"T027348"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2023-20873"
},
{
"cve": "CVE-2023-20863",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T023927",
"T019894",
"T018981",
"T019893",
"T023929",
"T020698",
"T021669",
"T018977",
"T027349",
"T021673",
"T027366",
"T021671",
"T021670"
],
"last_affected": [
"T019887",
"T020696",
"T027348"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2023-20863"
},
{
"cve": "CVE-2023-20862",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T023927",
"T019894",
"T018981",
"T019893",
"T023929",
"T020698",
"T021669",
"T018977",
"T027349",
"T021673",
"T027366",
"T021671",
"T021670"
],
"last_affected": [
"T019887",
"T020696",
"T027348"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2023-20862"
},
{
"cve": "CVE-2023-1436",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T023927",
"T019894",
"T018981",
"T019893",
"T023929",
"T020698",
"T021669",
"T018977",
"T027349",
"T021673",
"T027366",
"T021671",
"T021670"
],
"last_affected": [
"T019887",
"T020696",
"T027348"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2023-1436"
},
{
"cve": "CVE-2023-1370",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T023927",
"T019894",
"T018981",
"T019893",
"T023929",
"T020698",
"T021669",
"T018977",
"T027349",
"T021673",
"T027366",
"T021671",
"T021670"
],
"last_affected": [
"T019887",
"T020696",
"T027348"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2023-1370"
},
{
"cve": "CVE-2022-48285",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T023927",
"T019894",
"T018981",
"T019893",
"T023929",
"T020698",
"T021669",
"T018977",
"T027349",
"T021673",
"T027366",
"T021671",
"T021670"
],
"last_affected": [
"T019887",
"T020696",
"T027348"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2022-48285"
},
{
"cve": "CVE-2022-45688",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T023927",
"T019894",
"T018981",
"T019893",
"T023929",
"T020698",
"T021669",
"T018977",
"T027349",
"T021673",
"T027366",
"T021671",
"T021670"
],
"last_affected": [
"T019887",
"T020696",
"T027348"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2022-45688"
},
{
"cve": "CVE-2022-42003",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T023927",
"T019894",
"T018981",
"T019893",
"T023929",
"T020698",
"T021669",
"T018977",
"T027349",
"T021673",
"T027366",
"T021671",
"T021670"
],
"last_affected": [
"T019887",
"T020696",
"T027348"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2022-42003"
},
{
"cve": "CVE-2022-41966",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T023927",
"T019894",
"T018981",
"T019893",
"T023929",
"T020698",
"T021669",
"T018977",
"T027349",
"T021673",
"T027366",
"T021671",
"T021670"
],
"last_affected": [
"T019887",
"T020696",
"T027348"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2022-41966"
},
{
"cve": "CVE-2022-41881",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T023927",
"T019894",
"T018981",
"T019893",
"T023929",
"T020698",
"T021669",
"T018977",
"T027349",
"T021673",
"T027366",
"T021671",
"T021670"
],
"last_affected": [
"T019887",
"T020696",
"T027348"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2022-41881"
},
{
"cve": "CVE-2022-36033",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T023927",
"T019894",
"T018981",
"T019893",
"T023929",
"T020698",
"T021669",
"T018977",
"T027349",
"T021673",
"T027366",
"T021671",
"T021670"
],
"last_affected": [
"T019887",
"T020696",
"T027348"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2022-36033"
},
{
"cve": "CVE-2022-33980",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T023927",
"T019894",
"T018981",
"T019893",
"T023929",
"T020698",
"T021669",
"T018977",
"T027349",
"T021673",
"T027366",
"T021671",
"T021670"
],
"last_affected": [
"T019887",
"T020696",
"T027348"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2022-33980"
},
{
"cve": "CVE-2022-3171",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T023927",
"T019894",
"T018981",
"T019893",
"T023929",
"T020698",
"T021669",
"T018977",
"T027349",
"T021673",
"T027366",
"T021671",
"T021670"
],
"last_affected": [
"T019887",
"T020696",
"T027348"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2022-3171"
},
{
"cve": "CVE-2022-29577",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T023927",
"T019894",
"T018981",
"T019893",
"T023929",
"T020698",
"T021669",
"T018977",
"T027349",
"T021673",
"T027366",
"T021671",
"T021670"
],
"last_affected": [
"T019887",
"T020696",
"T027348"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2022-29577"
},
{
"cve": "CVE-2022-1471",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T023927",
"T019894",
"T018981",
"T019893",
"T023929",
"T020698",
"T021669",
"T018977",
"T027349",
"T021673",
"T027366",
"T021671",
"T021670"
],
"last_affected": [
"T019887",
"T020696",
"T027348"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2022-1471"
},
{
"cve": "CVE-2021-41165",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T023927",
"T019894",
"T018981",
"T019893",
"T023929",
"T020698",
"T021669",
"T018977",
"T027349",
"T021673",
"T027366",
"T021671",
"T021670"
],
"last_affected": [
"T019887",
"T020696",
"T027348"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2021-41165"
},
{
"cve": "CVE-2021-37533",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T023927",
"T019894",
"T018981",
"T019893",
"T023929",
"T020698",
"T021669",
"T018977",
"T027349",
"T021673",
"T027366",
"T021671",
"T021670"
],
"last_affected": [
"T019887",
"T020696",
"T027348"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2021-37533"
}
]
}