Vulnerability-Lookup

CVE-2023-37536 (GCVE-0-2023-37536)

Vulnerability from cvelistv5 – Published: 2023-10-11 06:46 – Updated: 2025-02-13 17:01

Title

HCL BigFix Platform is vulnerable to an integer overflow in xerces-c++ 3.2.3

Summary

An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request.

Severity

8.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H

CWE

CWE-680 - Integer Overflow to Buffer Overflow

Assigner

HCL

References

5 references

URL	Tags
https://support.hcltechsw.com/csm?id=kb_article&s…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.debian.org/debian-lts-announce/2023…

Impacted products

1 product

Vendor	Product	Version
HCL Software	BigFix Platform	Affected: 9.5 - 9.5.22, 10 - 10.0.9

Date Public

2023-09-28 18:26

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:hcltech:bigfix_platform:10:*:*:*:*:*:*:*",
              "cpe:2.3:a:hcltech:bigfix_platform:9.5:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "bigfix_platform",
            "vendor": "hcltech",
            "versions": [
              {
                "lessThanOrEqual": "9.5.22",
                "status": "affected",
                "version": "10",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "10.0.9",
                "status": "affected",
                "version": "9.5",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
              "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
              "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fedora",
            "vendor": "fedoraproject",
            "versions": [
              {
                "status": "affected",
                "version": "37"
              },
              {
                "status": "affected",
                "version": "38"
              },
              {
                "status": "affected",
                "version": "39"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:apache:xerces-c\\+\\+:3.2.2:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "xerces-c\\+\\+",
            "vendor": "apache",
            "versions": [
              {
                "status": "affected",
                "version": "3.2.2"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-37536",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-19T03:55:41.734161Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-680",
                "description": "CWE-680 Integer Overflow to Buffer Overflow",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-19T13:05:26.588Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:16:30.600Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0107791"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAOSSJ72CUJ535VRWTCVQKUYT2LYR3OM/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7A6WWL4SWKAVYK6VK5YN7KZP4MZWC7IY/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AJYZUBGPVWJ7LEHRCMB5XVADQBNGURXD/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00027.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "BigFix Platform",
          "vendor": "HCL Software",
          "versions": [
            {
              "status": "affected",
              "version": "9.5 - 9.5.22, 10 - 10.0.9"
            }
          ]
        }
      ],
      "datePublic": "2023-09-28T18:26:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request.\u003c/span\u003e"
            }
          ],
          "value": "An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-31T14:06:26.448Z",
        "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "shortName": "HCL"
      },
      "references": [
        {
          "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0107791"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAOSSJ72CUJ535VRWTCVQKUYT2LYR3OM/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7A6WWL4SWKAVYK6VK5YN7KZP4MZWC7IY/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AJYZUBGPVWJ7LEHRCMB5XVADQBNGURXD/"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00027.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "HCL BigFix Platform is vulnerable to an integer overflow in xerces-c++ 3.2.3",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
    "assignerShortName": "HCL",
    "cveId": "CVE-2023-37536",
    "datePublished": "2023-10-11T06:46:01.750Z",
    "dateReserved": "2023-07-06T16:29:45.713Z",
    "dateUpdated": "2025-02-13T17:01:28.350Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2023-37536",
      "date": "2026-05-28",
      "epss": "0.02007",
      "percentile": "0.8396"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-37536\",\"sourceIdentifier\":\"psirt@hcl.com\",\"published\":\"2023-10-11T07:15:10.580\",\"lastModified\":\"2024-11-21T08:11:53.283\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request.\"},{\"lang\":\"es\",\"value\":\"Un desbordamiento de enteros de xerces-c++ 3.2.3 en BigFix Platform permite a atacantes remotos provocar acceso fuera de l\u00edmites a trav\u00e9s de una solicitud HTTP.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@hcl.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H\",\"baseScore\":8.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.3,\"impactScore\":5.3},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-190\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-680\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:xerces-c\\\\+\\\\+:3.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D12DE323-B495-4294-B491-D18A2134D3E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:bigfix_platform:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0.0\",\"versionEndExcluding\":\"9.5.23\",\"matchCriteriaId\":\"C944AE77-DEF5-4AF7-A900-F82CB023F5FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:bigfix_platform:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.0.0\",\"versionEndExcluding\":\"10.0.10\",\"matchCriteriaId\":\"5D9C29D2-7B7C-4040-9451-BAB1FB5E4D28\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E30D0E6F-4AE8-4284-8716-991DFA48CC5D\"}]}]}],\"references\":[{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/12/msg00027.html\",\"source\":\"psirt@hcl.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7A6WWL4SWKAVYK6VK5YN7KZP4MZWC7IY/\",\"source\":\"psirt@hcl.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AJYZUBGPVWJ7LEHRCMB5XVADQBNGURXD/\",\"source\":\"psirt@hcl.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAOSSJ72CUJ535VRWTCVQKUYT2LYR3OM/\",\"source\":\"psirt@hcl.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0107791\",\"source\":\"psirt@hcl.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/12/msg00027.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7A6WWL4SWKAVYK6VK5YN7KZP4MZWC7IY/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AJYZUBGPVWJ7LEHRCMB5XVADQBNGURXD/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAOSSJ72CUJ535VRWTCVQKUYT2LYR3OM/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0107791\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0107791\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAOSSJ72CUJ535VRWTCVQKUYT2LYR3OM/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7A6WWL4SWKAVYK6VK5YN7KZP4MZWC7IY/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AJYZUBGPVWJ7LEHRCMB5XVADQBNGURXD/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/12/msg00027.html\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T17:16:30.600Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-37536\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-19T03:55:41.734161Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:hcltech:bigfix_platform:10:*:*:*:*:*:*:*\", \"cpe:2.3:a:hcltech:bigfix_platform:9.5:*:*:*:*:*:*:*\"], \"vendor\": \"hcltech\", \"product\": \"bigfix_platform\", \"versions\": [{\"status\": \"affected\", \"version\": \"10\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"9.5.22\"}, {\"status\": \"affected\", \"version\": \"9.5\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"10.0.9\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*\", \"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\", \"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*\"], \"vendor\": \"fedoraproject\", \"product\": \"fedora\", \"versions\": [{\"status\": \"affected\", \"version\": \"37\"}, {\"status\": \"affected\", \"version\": \"38\"}, {\"status\": \"affected\", \"version\": \"39\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:apache:xerces-c\\\\+\\\\+:3.2.2:*:*:*:*:*:*:*\"], \"vendor\": \"apache\", \"product\": \"xerces-c\\\\+\\\\+\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.2.2\"}], \"defaultStatus\": \"unknown\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-680\", \"description\": \"CWE-680 Integer Overflow to Buffer Overflow\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-19T13:01:14.287Z\"}}], \"cna\": {\"title\": \"HCL BigFix Platform is vulnerable to an integer overflow in xerces-c++ 3.2.3\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 8.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"HCL Software\", \"product\": \"BigFix Platform\", \"versions\": [{\"status\": \"affected\", \"version\": \"9.5 - 9.5.22, 10 - 10.0.9\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2023-09-28T18:26:00.000Z\", \"references\": [{\"url\": \"https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0107791\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAOSSJ72CUJ535VRWTCVQKUYT2LYR3OM/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7A6WWL4SWKAVYK6VK5YN7KZP4MZWC7IY/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AJYZUBGPVWJ7LEHRCMB5XVADQBNGURXD/\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/12/msg00027.html\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eAn integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request.\u003c/span\u003e\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"1e47fe04-f25f-42fa-b674-36de2c5e3cfc\", \"shortName\": \"HCL\", \"dateUpdated\": \"2023-10-11T06:46:01.750Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-37536\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-02T17:16:30.600Z\", \"dateReserved\": \"2023-07-06T16:29:45.713Z\", \"assignerOrgId\": \"1e47fe04-f25f-42fa-b674-36de2c5e3cfc\", \"datePublished\": \"2023-10-11T06:46:01.750Z\", \"assignerShortName\": \"HCL\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

BDU:2023-06960

Vulnerability from fstec - Published: 11.10.2023

Title

Уязвимость библиотеки Хerces C++ платформы совместного управления ИТ-оборудованием BigFix Platform, позволяющая нарушителю выполнить произвольный код

Description

Уязвимость библиотеки Хerces C++ платформы совместного управления ИТ-оборудованием BigFix Platform вызвана целочисленным переполнением. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, выполнить произвольный код путем отправки специально сформированного HTTP-запроса

Severity


                    
                      AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H

Vendor

Red Hat Inc., ООО «Ред Софт», ООО «РусБИТех-Астра», АО «НТЦ ИТ РОСА», Apache Software Foundation, HCL Technologies, АО "НППКТ"

Software Name

Red Hat Enterprise Linux, РЕД ОС (запись в едином реестре российских программ №3751), Astra Linux Special Edition (запись в едином реестре российских программ №369), РОСА Кобальт (запись в едином реестре российских программ №1999), Xerces C++, BigFix Platform, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913)

Software Version

6 (Red Hat Enterprise Linux), 7 (Red Hat Enterprise Linux), 7.3 (РЕД ОС), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), 7.9 (РОСА Кобальт), 3.2.3 (Xerces C++), от 9.0.0 до 9.5.23 (BigFix Platform), от 10.0.0 до 10.0.10 (BigFix Platform), до 2.10 (ОСОН ОСнова Оnyx)

Possible Mitigations

Компенсирующие меры: - использование средств межсетевого экранирования и средств обнаружения и предотвращения вторжений (IDS/IPS) для отслеживания подключений к устройству; - ограничение доступа к устройству из внешних сетей (Интернет); - использование виртуальных частных сетей для организации удаленного доступа (VPN). Использование рекомендаций: Для BigFix Platform: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0107791 Для программных продуктов Red Hat Inc.: https://access.redhat.com/security/cve/cve-2023-37536 Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/ Для ОСОН ОСнова Оnyx (версия 2.10): Обновление программного обеспечения xerces-c до версии 3.2.2+debian-1+deb10u2 Для ОС Astra Linux: обновить пакет xerces-c до 3.2.2+debian-1+deb10u2 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17 Для Astra Linux Special Edition 4.7 для архитектуры ARM: обновить пакет xerces-c до 3.2.2+debian-1+deb10u2 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47 Для ОС РОСА "КОБАЛЬТ": https://abf.rosa.ru/advisories/ROSA-SA-2025-2562 Для ОС РОСА "КОБАЛЬТ": https://abf.rosa.ru/advisories/ROSA-SA-2025-2562

Reference

https://access.redhat.com/security/cve/cve-2023-37536 https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0107791 https://vuldb.com/ru/?id.241902 http://repo.red-soft.ru/redos/7.3c/x86_64/updates/ https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.10/ https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17 https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47 https://abf.rosa.ru/advisories/ROSA-SA-2025-2562 https://abf.rosa.ru/advisories/ROSA-SA-2025-2562

CWE

CWE-190

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:S/C:P/I:P/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb, Apache Software Foundation, HCL Technologies, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "6 (Red Hat Enterprise Linux), 7 (Red Hat Enterprise Linux), 7.3 (\u0420\u0415\u0414 \u041e\u0421), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), 7.9 (\u0420\u041e\u0421\u0410 \u041a\u043e\u0431\u0430\u043b\u044c\u0442), 3.2.3 (Xerces C++), \u043e\u0442 9.0.0 \u0434\u043e 9.5.23 (BigFix Platform), \u043e\u0442 10.0.0 \u0434\u043e 10.0.10 (BigFix Platform), \u0434\u043e 2.10 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u044d\u043a\u0440\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0438 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u0438 \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0435\u043d\u0438\u044f \u0432\u0442\u043e\u0440\u0436\u0435\u043d\u0438\u0439 (IDS/IPS) \u0434\u043b\u044f \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u043d\u0438\u044f \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0439 \u043a \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0443;\n- \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0443 \u0438\u0437 \u0432\u043d\u0435\u0448\u043d\u0438\u0445 \u0441\u0435\u0442\u0435\u0439 (\u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442);\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u0447\u0430\u0441\u0442\u043d\u044b\u0445 \u0441\u0435\u0442\u0435\u0439 \u0434\u043b\u044f \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 (VPN).\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f BigFix Platform:\nhttps://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0107791\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/cve-2023-37536\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0432\u0435\u0440\u0441\u0438\u044f 2.10):\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f xerces-c \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 3.2.2+debian-1+deb10u2\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 xerces-c \u0434\u043e 3.2.2+debian-1+deb10u2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17\n\n\u0414\u043b\u044f Astra Linux Special Edition 4.7 \u0434\u043b\u044f \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b ARM:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 xerces-c \u0434\u043e 3.2.2+debian-1+deb10u2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47\n\n\u0414\u043b\u044f \u041e\u0421 \u0420\u041e\u0421\u0410 \"\u041a\u041e\u0411\u0410\u041b\u042c\u0422\": https://abf.rosa.ru/advisories/ROSA-SA-2025-2562\n\n\u0414\u043b\u044f \u041e\u0421 \u0420\u041e\u0421\u0410 \"\u041a\u041e\u0411\u0410\u041b\u042c\u0422\": https://abf.rosa.ru/advisories/ROSA-SA-2025-2562",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "11.10.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "05.03.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "21.10.2023",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-06960",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-37536",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0420\u041e\u0421\u0410 \u041a\u043e\u0431\u0430\u043b\u044c\u0442 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161999), Xerces C++, BigFix Platform, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 6 , Red Hat Inc. Red Hat Enterprise Linux 7 , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 ARM (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb \u0420\u041e\u0421\u0410 \u041a\u043e\u0431\u0430\u043b\u044c\u0442 7.9  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161999), \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.10  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 \u0425erces C++ \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b \u0441\u043e\u0432\u043c\u0435\u0441\u0442\u043d\u043e\u0433\u043e \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0418\u0422-\u043e\u0431\u043e\u0440\u0443\u0434\u043e\u0432\u0430\u043d\u0438\u0435\u043c BigFix Platform, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0426\u0435\u043b\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u043e\u0435 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0438\u043b\u0438 \u0446\u0438\u043a\u043b\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0441\u0434\u0432\u0438\u0433 (CWE-190)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 \u0425erces C++ \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b \u0441\u043e\u0432\u043c\u0435\u0441\u0442\u043d\u043e\u0433\u043e \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0418\u0422-\u043e\u0431\u043e\u0440\u0443\u0434\u043e\u0432\u0430\u043d\u0438\u0435\u043c BigFix Platform \u0432\u044b\u0437\u0432\u0430\u043d\u0430 \u0446\u0435\u043b\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u043c \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u043f\u0443\u0442\u0435\u043c \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u0430",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://access.redhat.com/security/cve/cve-2023-37536\nhttps://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0107791\nhttps://vuldb.com/ru/?id.241902\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.10/\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47\nhttps://abf.rosa.ru/advisories/ROSA-SA-2025-2562\nhttps://abf.rosa.ru/advisories/ROSA-SA-2025-2562",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-190",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,2)"
}

CERTFR-2024-AVI-0903

Vulnerability from certfr_avis - Published: 2024-10-18 - Updated: 2024-10-18

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	N/A	WebSphere Application Server Liberty versions 20.0.12 à 24.0.0.10 sans le correctif de sécurité PH63533 ou antérieures à 24.0.0.11 (disponibilité prévue pour le dernier trimestre 2024)
IBM	N/A	QRadar Incident Forensics versions 7.5.x antérieures à 7.5.0 UP10
IBM	N/A	Storage Protect Server versions 8.1.x antérieures à 8.1.24
IBM	N/A	Robotic Process Automation pour Cloud Pak versions 23.0.x antérieures à 23.0.18
IBM	N/A	QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP10
IBM	N/A	Robotic Process Automation versions 21.0..0.x antérieures à 21.0.7.18
IBM	N/A	Robotic Process Automation versions 23.0.x antérieures à 23.0.18
IBM	N/A	Robotic Process Automation pour Cloud Pak versions 21.0.0.x antérieures à 21.0.7.18
IBM	N/A	QRadar Network Capture versions 7.5.x antérieures à 7.5.0 Update Package 10

References

Title

Publication Time

CERTFR-2024-AVI-1103

Vulnerability from certfr_avis - Published: 2024-12-20 - Updated: 2024-12-20

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	Cognos Analytics	Cognos Analytics versions 12.0.x antérieures à 12.0.4
IBM	Sterling	Sterling External Authentication Server versions 6.1.0.x antérieures à 6.1.0.2 ifix 01
IBM	QRadar SIEM	Security QRadar Log Management AQL Plugin versions antérieures à 1.1.0
IBM	Sterling	Sterling Secure Proxy versions 6.0.x antérieures à 6.0.3.1 (fixpack) GA
IBM	Cognos Analytics	Cognos Analytics versions 11.2.x antérieures à 11.2.4 FP5
IBM	Sterling	Sterling Secure Proxy versions 6.1.x antérieures à 6.1.0.1 (fixpack) GA
IBM	Sterling	Sterling Secure Proxy versions 6.2.x antérieures à 6.2.0.0 ifix 01
IBM	Sterling Connect:Direct	Sterling Connect:Direct Web Services versions 6.3.x antérieures à 6.3.0.11_ifix001

References

Title

Publication Time

FKIE_CVE-2023-37536

Vulnerability from fkie_nvd - Published: 2023-10-11 07:15 - Updated: 2024-11-21 08:11

Severity

8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request.

References

URL	Tags
psirt@hcl.com	https://lists.debian.org/debian-lts-announce/2023/12/msg00027.html
psirt@hcl.com	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7A6WWL4SWKAVYK6VK5YN7KZP4MZWC7IY/
psirt@hcl.com	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AJYZUBGPVWJ7LEHRCMB5XVADQBNGURXD/
psirt@hcl.com	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAOSSJ72CUJ535VRWTCVQKUYT2LYR3OM/	Mailing List, Third Party Advisory
psirt@hcl.com	https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0107791	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2023/12/msg00027.html
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7A6WWL4SWKAVYK6VK5YN7KZP4MZWC7IY/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AJYZUBGPVWJ7LEHRCMB5XVADQBNGURXD/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAOSSJ72CUJ535VRWTCVQKUYT2LYR3OM/	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0107791	Vendor Advisory

Impacted products

Vendor	Product	Version
apache	xerces-c\+\+	3.2.3
hcltech	bigfix_platform	*
hcltech	bigfix_platform	*
fedoraproject	fedora	37

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:xerces-c\\+\\+:3.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D12DE323-B495-4294-B491-D18A2134D3E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:bigfix_platform:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C944AE77-DEF5-4AF7-A900-F82CB023F5FD",
              "versionEndExcluding": "9.5.23",
              "versionStartIncluding": "9.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:bigfix_platform:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D9C29D2-7B7C-4040-9451-BAB1FB5E4D28",
              "versionEndExcluding": "10.0.10",
              "versionStartIncluding": "10.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
              "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request."
    },
    {
      "lang": "es",
      "value": "Un desbordamiento de enteros de xerces-c++ 3.2.3 en BigFix Platform permite a atacantes remotos provocar acceso fuera de l\u00edmites a trav\u00e9s de una solicitud HTTP."
    }
  ],
  "id": "CVE-2023-37536",
  "lastModified": "2024-11-21T08:11:53.283",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 5.3,
        "source": "psirt@hcl.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-10-11T07:15:10.580",
  "references": [
    {
      "source": "psirt@hcl.com",
      "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00027.html"
    },
    {
      "source": "psirt@hcl.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7A6WWL4SWKAVYK6VK5YN7KZP4MZWC7IY/"
    },
    {
      "source": "psirt@hcl.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AJYZUBGPVWJ7LEHRCMB5XVADQBNGURXD/"
    },
    {
      "source": "psirt@hcl.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAOSSJ72CUJ535VRWTCVQKUYT2LYR3OM/"
    },
    {
      "source": "psirt@hcl.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0107791"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00027.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7A6WWL4SWKAVYK6VK5YN7KZP4MZWC7IY/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AJYZUBGPVWJ7LEHRCMB5XVADQBNGURXD/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAOSSJ72CUJ535VRWTCVQKUYT2LYR3OM/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0107791"
    }
  ],
  "sourceIdentifier": "psirt@hcl.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-190"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-680"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

GHSA-62MQ-P983-GJVX

Vulnerability from github – Published: 2023-10-11 09:34 – Updated: 2024-08-01 15:31

Details

An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request.

Severity

8.2 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-37536"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-190",
      "CWE-680"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-11T07:15:10Z",
    "severity": "HIGH"
  },
  "details": "An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request.",
  "id": "GHSA-62mq-p983-gjvx",
  "modified": "2024-08-01T15:31:23Z",
  "published": "2023-10-11T09:34:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37536"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00027.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7A6WWL4SWKAVYK6VK5YN7KZP4MZWC7IY"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AJYZUBGPVWJ7LEHRCMB5XVADQBNGURXD"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAOSSJ72CUJ535VRWTCVQKUYT2LYR3OM"
    },
    {
      "type": "WEB",
      "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0107791"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2023-37536

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request.

Aliases

CVE-2023-37536

Aliases

CVE-2023-37536

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-37536",
    "id": "GSD-2023-37536"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-37536"
      ],
      "details": "An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request.",
      "id": "GSD-2023-37536",
      "modified": "2023-12-13T01:20:24.794836Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@hcl.com",
        "ID": "CVE-2023-37536",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "BigFix Platform",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "9.5 - 9.5.22, 10 - 10.0.9"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "HCL Software"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0107791",
            "refsource": "MISC",
            "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0107791"
          },
          {
            "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAOSSJ72CUJ535VRWTCVQKUYT2LYR3OM/",
            "refsource": "MISC",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAOSSJ72CUJ535VRWTCVQKUYT2LYR3OM/"
          },
          {
            "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7A6WWL4SWKAVYK6VK5YN7KZP4MZWC7IY/",
            "refsource": "MISC",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7A6WWL4SWKAVYK6VK5YN7KZP4MZWC7IY/"
          },
          {
            "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AJYZUBGPVWJ7LEHRCMB5XVADQBNGURXD/",
            "refsource": "MISC",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AJYZUBGPVWJ7LEHRCMB5XVADQBNGURXD/"
          },
          {
            "name": "https://lists.debian.org/debian-lts-announce/2023/12/msg00027.html",
            "refsource": "MISC",
            "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00027.html"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:apache:xerces-c\\+\\+:3.2.3:*:*:*:*:*:*:*",
                    "matchCriteriaId": "D12DE323-B495-4294-B491-D18A2134D3E3",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:hcltech:bigfix_platform:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "C944AE77-DEF5-4AF7-A900-F82CB023F5FD",
                    "versionEndExcluding": "9.5.23",
                    "versionStartIncluding": "9.0.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:hcltech:bigfix_platform:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "5D9C29D2-7B7C-4040-9451-BAB1FB5E4D28",
                    "versionEndExcluding": "10.0.10",
                    "versionStartIncluding": "10.0.0",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
                    "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request."
          },
          {
            "lang": "es",
            "value": "Un desbordamiento de enteros de xerces-c++ 3.2.3 en BigFix Platform permite a atacantes remotos provocar acceso fuera de l\u00edmites a trav\u00e9s de una solicitud HTTP."
          }
        ],
        "id": "CVE-2023-37536",
        "lastModified": "2023-12-31T14:15:42.080",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 2.8,
              "impactScore": 5.9,
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 2.3,
              "impactScore": 5.3,
              "source": "psirt@hcl.com",
              "type": "Secondary"
            }
          ]
        },
        "published": "2023-10-11T07:15:10.580",
        "references": [
          {
            "source": "psirt@hcl.com",
            "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00027.html"
          },
          {
            "source": "psirt@hcl.com",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7A6WWL4SWKAVYK6VK5YN7KZP4MZWC7IY/"
          },
          {
            "source": "psirt@hcl.com",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AJYZUBGPVWJ7LEHRCMB5XVADQBNGURXD/"
          },
          {
            "source": "psirt@hcl.com",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAOSSJ72CUJ535VRWTCVQKUYT2LYR3OM/"
          },
          {
            "source": "psirt@hcl.com",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0107791"
          }
        ],
        "sourceIdentifier": "psirt@hcl.com",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-190"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

NCSC-2024-0292

Vulnerability from csaf_ncscnl - Published: 2024-07-17 13:52 - Updated: 2024-07-17 13:52

Summary

Kwetsbaarheden verholpen in Oracle Essbase

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten: Er zijn kwetsbaarheden verholpen in Oracle Essbase.

Oplossingen: Oracle heeft updates beschikbaar gesteld om de kwetsbaarheden te verhelpen. Zie de referenties voor meer informatie.

Kans: medium

Schade: high

CWE-770: Allocation of Resources Without Limits or Throttling

CVE-2023-37536

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Known affected 3 products

Product	Identifier	Version
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.3.0.0:::::::*`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.4.0.0:::::::*`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.6:::::::*`	—

CVE-2024-26308

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.4.0.0:::::::*`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.6:::::::*`	—

References

6 references

URL	Category
https://nvd.nist.gov/vuln/detail/CVE-2023-37536	external
https://nvd.nist.gov/vuln/detail/CVE-2024-26308	external
https://www.oracle.com/docs/tech/security-alerts/…	external
https://www.oracle.com/security-alerts/cpujul2024.html	external
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Er zijn kwetsbaarheden verholpen in Oracle Essbase.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n* Denial-of-Service (DoS)\n* Verhoogde gebruikersrechten",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Oracle heeft updates beschikbaar gesteld om de kwetsbaarheden te verhelpen. Zie de referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Allocation of Resources Without Limits or Throttling",
        "title": "CWE-770"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Source - nvd",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37536"
      },
      {
        "category": "external",
        "summary": "Source - nvd",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26308"
      },
      {
        "category": "external",
        "summary": "Reference - oracle",
        "url": "https://www.oracle.com/docs/tech/security-alerts/cpujul2024csaf.json"
      },
      {
        "category": "external",
        "summary": "Reference - cveprojectv5; ibm; nvd; oracle",
        "url": "https://www.oracle.com/security-alerts/cpujul2024.html"
      }
    ],
    "title": "Kwetsbaarheden verholpen in Oracle Essbase",
    "tracking": {
      "current_release_date": "2024-07-17T13:52:18.885359Z",
      "id": "NCSC-2024-0292",
      "initial_release_date": "2024-07-17T13:52:18.885359Z",
      "revision_history": [
        {
          "date": "2024-07-17T13:52:18.885359Z",
          "number": "0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "essbase",
            "product": {
              "name": "essbase",
              "product_id": "CSAFPID-816317",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:essbase:21.5.3.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "essbase",
            "product": {
              "name": "essbase",
              "product_id": "CSAFPID-912567",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:essbase:21.5.4.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "essbase",
            "product": {
              "name": "essbase",
              "product_id": "CSAFPID-1503612",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:essbase:21.5.6:*:*:*:*:*:*:*"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-37536",
      "product_status": {
        "known_affected": [
          "CSAFPID-816317",
          "CSAFPID-912567",
          "CSAFPID-1503612"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-37536",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-37536.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-816317",
            "CSAFPID-912567",
            "CSAFPID-1503612"
          ]
        }
      ],
      "title": "CVE-2023-37536"
    },
    {
      "cve": "CVE-2024-26308",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-912567",
          "CSAFPID-1503612"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-26308",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26308.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-912567",
            "CSAFPID-1503612"
          ]
        }
      ],
      "title": "CVE-2024-26308"
    }
  ]
}

NCSC-2024-0306

Vulnerability from csaf_ncscnl - Published: 2024-07-17 13:55 - Updated: 2024-07-17 13:55

Summary

Kwetsbaarheden verholpen in Oracle Supply Chain

Notes

Feiten: Er zijn kwetsbaarheden verholpen in Oracle Supply Chain.

Interpretaties: Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade: * Denial-of-Service (DoS) * Toegang tot gevoelige gegevens * Toegang tot systeemgegevens * Manipulatie van gegevens * (Remote) code execution (Gebruikersrechten)

Oplossingen: Oracle heeft updates beschikbaar gesteld om de kwetsbaarheden te verhelpen. Zie de referenties voor meer informatie.

Kans: medium

Schade: high

CWE-192: Integer Coercion Error

CWE-20: Improper Input Validation

CWE-400: Uncontrolled Resource Consumption

CWE-404: Improper Resource Shutdown or Release

CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CWE-681: Incorrect Conversion between Numeric Types

CWE-770: Allocation of Resources Without Limits or Throttling

CVE-2022-34169

CWE-192 - Integer Coercion Error

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
autovue_for_agile_product_lifecycle_management oracle	`cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:::::::*`	—
agile_engineering_data_management oracle	`cpe:2.3:a:oracle:agile_engineering_data_management::::::::`	—

CVE-2023-24998

CWE-404 - Improper Resource Shutdown or Release

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
autovue_for_agile_product_lifecycle_management oracle	`cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:::::::*`	—
agile_engineering_data_management oracle	`cpe:2.3:a:oracle:agile_engineering_data_management::::::::`	—

CVE-2023-37536

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
agile_engineering_data_management oracle	`cpe:2.3:a:oracle:agile_engineering_data_management::::::::`	—
autovue_for_agile_product_lifecycle_management oracle	`cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:::::::*`	—

CVE-2023-44487

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
agile_engineering_data_management oracle	`cpe:2.3:a:oracle:agile_engineering_data_management::::::::`	—
autovue_for_agile_product_lifecycle_management oracle	`cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:::::::*`	—

CVE-2023-46589

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
agile_engineering_data_management oracle	`cpe:2.3:a:oracle:agile_engineering_data_management::::::::`	—
autovue_for_agile_product_lifecycle_management oracle	`cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:::::::*`	—

References

12 references

URL	Category
https://nvd.nist.gov/vuln/detail/CVE-2022-34169	external
https://nvd.nist.gov/vuln/detail/CVE-2023-24998	external
https://nvd.nist.gov/vuln/detail/CVE-2023-37536	external
https://nvd.nist.gov/vuln/detail/CVE-2023-44487	external
https://nvd.nist.gov/vuln/detail/CVE-2023-46589	external
https://www.oracle.com/docs/tech/security-alerts/…	external
https://www.oracle.com/security-alerts/cpujul2024.html	external
https://api.ncsc.nl/velma/v1/vulnerabilities/2022…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Er zijn kwetsbaarheden verholpen in Oracle Supply Chain.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n* Denial-of-Service (DoS)\n* Toegang tot gevoelige gegevens\n* Toegang tot systeemgegevens\n* Manipulatie van gegevens\n* (Remote) code execution (Gebruikersrechten)",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Oracle heeft updates beschikbaar gesteld om de kwetsbaarheden te verhelpen. Zie de referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Integer Coercion Error",
        "title": "CWE-192"
      },
      {
        "category": "general",
        "text": "Improper Input Validation",
        "title": "CWE-20"
      },
      {
        "category": "general",
        "text": "Uncontrolled Resource Consumption",
        "title": "CWE-400"
      },
      {
        "category": "general",
        "text": "Improper Resource Shutdown or Release",
        "title": "CWE-404"
      },
      {
        "category": "general",
        "text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
        "title": "CWE-444"
      },
      {
        "category": "general",
        "text": "Incorrect Conversion between Numeric Types",
        "title": "CWE-681"
      },
      {
        "category": "general",
        "text": "Allocation of Resources Without Limits or Throttling",
        "title": "CWE-770"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Source - nvd",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34169"
      },
      {
        "category": "external",
        "summary": "Source - nvd",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24998"
      },
      {
        "category": "external",
        "summary": "Source - nvd",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37536"
      },
      {
        "category": "external",
        "summary": "Source - nvd",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
      },
      {
        "category": "external",
        "summary": "Source - nvd",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46589"
      },
      {
        "category": "external",
        "summary": "Reference - oracle",
        "url": "https://www.oracle.com/docs/tech/security-alerts/cpujul2024csaf.json"
      },
      {
        "category": "external",
        "summary": "Reference - cveprojectv5; ibm; nvd; oracle",
        "url": "https://www.oracle.com/security-alerts/cpujul2024.html"
      }
    ],
    "title": " Kwetsbaarheden verholpen in Oracle Supply Chain",
    "tracking": {
      "current_release_date": "2024-07-17T13:55:37.062720Z",
      "id": "NCSC-2024-0306",
      "initial_release_date": "2024-07-17T13:55:37.062720Z",
      "revision_history": [
        {
          "date": "2024-07-17T13:55:37.062720Z",
          "number": "0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "agile_engineering_data_management",
            "product": {
              "name": "agile_engineering_data_management",
              "product_id": "CSAFPID-764768",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:agile_engineering_data_management:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "autovue_for_agile_product_lifecycle_management",
            "product": {
              "name": "autovue_for_agile_product_lifecycle_management",
              "product_id": "CSAFPID-2302",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-34169",
      "cwe": {
        "id": "CWE-192",
        "name": "Integer Coercion Error"
      },
      "notes": [
        {
          "category": "other",
          "text": "Integer Coercion Error",
          "title": "CWE-192"
        },
        {
          "category": "other",
          "text": "Incorrect Conversion between Numeric Types",
          "title": "CWE-681"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2302",
          "CSAFPID-764768"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2022-34169",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-34169.json"
        }
      ],
      "title": "CVE-2022-34169"
    },
    {
      "cve": "CVE-2023-24998",
      "cwe": {
        "id": "CWE-404",
        "name": "Improper Resource Shutdown or Release"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Resource Shutdown or Release",
          "title": "CWE-404"
        },
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2302",
          "CSAFPID-764768"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-24998",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-24998.json"
        }
      ],
      "title": "CVE-2023-24998"
    },
    {
      "cve": "CVE-2023-37536",
      "product_status": {
        "known_affected": [
          "CSAFPID-764768",
          "CSAFPID-2302"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-37536",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-37536.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-764768",
            "CSAFPID-2302"
          ]
        }
      ],
      "title": "CVE-2023-37536"
    },
    {
      "cve": "CVE-2023-44487",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-764768",
          "CSAFPID-2302"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-44487",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-44487.json"
        }
      ],
      "title": "CVE-2023-44487"
    },
    {
      "cve": "CVE-2023-46589",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
          "title": "CWE-444"
        },
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-764768",
          "CSAFPID-2302"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-46589",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46589.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-764768",
            "CSAFPID-2302"
          ]
        }
      ],
      "title": "CVE-2023-46589"
    }
  ]
}

RHSA-2024:8795

Vulnerability from csaf_redhat - Published: 2024-11-04 01:40 - Updated: 2026-03-18 02:46

Summary

Red Hat Security Advisory: xerces-c security update

Severity

Important

Notes

Topic: An update for xerces-c is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Security Fix(es): * xerces-c: An integer overflow issue that allows remote attackers to cause out-of-bound access via HTTP request (CVE-2023-37536) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2023-37536

An integer overflow exists in xerces-c++. This flaw allows an attacker using a specially crafted HTTP request payload to trigger an out-of-bounds read, resulting in a loss of confidentiality, integrity, and availability.

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-190 - Integer Overflow or Wraparound

Affected products

Fixed 46 products

Product	Version	Remediation
Unresolved product id: 7Server-ELS:xerces-c-0:3.1.1-10.el7_9.1.i686	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-ELS:xerces-c-0:3.1.1-10.el7_9.1.ppc	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-ELS:xerces-c-0:3.1.1-10.el7_9.1.ppc64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-ELS:xerces-c-0:3.1.1-10.el7_9.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-ELS:xerces-c-0:3.1.1-10.el7_9.1.s390	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-ELS:xerces-c-0:3.1.1-10.el7_9.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-ELS:xerces-c-0:3.1.1-10.el7_9.1.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-ELS:xerces-c-0:3.1.1-10.el7_9.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.i686	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.ppc	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.ppc64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.s390	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.i686	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.ppc	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.ppc64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.s390	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-ELS:xerces-c-doc-0:3.1.1-10.el7_9.1.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-optional-ELS:xerces-c-0:3.1.1-10.el7_9.1.i686	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-optional-ELS:xerces-c-0:3.1.1-10.el7_9.1.ppc	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-optional-ELS:xerces-c-0:3.1.1-10.el7_9.1.ppc64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-optional-ELS:xerces-c-0:3.1.1-10.el7_9.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-optional-ELS:xerces-c-0:3.1.1-10.el7_9.1.s390	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-optional-ELS:xerces-c-0:3.1.1-10.el7_9.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-optional-ELS:xerces-c-0:3.1.1-10.el7_9.1.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-optional-ELS:xerces-c-0:3.1.1-10.el7_9.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-optional-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.i686	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-optional-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.ppc	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-optional-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.ppc64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-optional-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-optional-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.s390	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-optional-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-optional-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-optional-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.i686	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-optional-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.ppc	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-optional-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.ppc64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-optional-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-optional-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.s390	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-optional-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-optional-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-optional-ELS:xerces-c-doc-0:3.1.1-10.el7_9.1.noarch	—	Vendor Fix fix Workaround

Threats

Impact Important

References

9 references

URL	Category
https://access.redhat.com/errata/RHSA-2024:8795	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2243426	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2023-37536	self
https://bugzilla.redhat.com/show_bug.cgi?id=2243426	external
https://www.cve.org/CVERecord?id=CVE-2023-37536	external
https://nvd.nist.gov/vuln/detail/CVE-2023-37536	external
https://support.hcltechsw.com/csm?id=kb_article&s…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for xerces-c is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents.\n\nSecurity Fix(es):\n\n* xerces-c: An integer overflow issue that allows remote attackers to cause out-of-bound access via HTTP request (CVE-2023-37536)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2024:8795",
        "url": "https://access.redhat.com/errata/RHSA-2024:8795"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2243426",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243426"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8795.json"
      }
    ],
    "title": "Red Hat Security Advisory: xerces-c security update",
    "tracking": {
      "current_release_date": "2026-03-18T02:46:32+00:00",
      "generator": {
        "date": "2026-03-18T02:46:32+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.3"
        }
      },
      "id": "RHSA-2024:8795",
      "initial_release_date": "2024-11-04T01:40:01+00:00",
      "revision_history": [
        {
          "date": "2024-11-04T01:40:01+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2024-11-04T01:40:01+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-03-18T02:46:32+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server (v. 7 ELS)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server (v. 7 ELS)",
                  "product_id": "7Server-ELS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_els:7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
                  "product_id": "7Server-optional-ELS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_els:7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "xerces-c-0:3.1.1-10.el7_9.1.src",
                "product": {
                  "name": "xerces-c-0:3.1.1-10.el7_9.1.src",
                  "product_id": "xerces-c-0:3.1.1-10.el7_9.1.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xerces-c@3.1.1-10.el7_9.1?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "xerces-c-0:3.1.1-10.el7_9.1.ppc",
                "product": {
                  "name": "xerces-c-0:3.1.1-10.el7_9.1.ppc",
                  "product_id": "xerces-c-0:3.1.1-10.el7_9.1.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xerces-c@3.1.1-10.el7_9.1?arch=ppc"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "xerces-c-debuginfo-0:3.1.1-10.el7_9.1.ppc",
                "product": {
                  "name": "xerces-c-debuginfo-0:3.1.1-10.el7_9.1.ppc",
                  "product_id": "xerces-c-debuginfo-0:3.1.1-10.el7_9.1.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xerces-c-debuginfo@3.1.1-10.el7_9.1?arch=ppc"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "xerces-c-devel-0:3.1.1-10.el7_9.1.ppc",
                "product": {
                  "name": "xerces-c-devel-0:3.1.1-10.el7_9.1.ppc",
                  "product_id": "xerces-c-devel-0:3.1.1-10.el7_9.1.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xerces-c-devel@3.1.1-10.el7_9.1?arch=ppc"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "xerces-c-0:3.1.1-10.el7_9.1.ppc64",
                "product": {
                  "name": "xerces-c-0:3.1.1-10.el7_9.1.ppc64",
                  "product_id": "xerces-c-0:3.1.1-10.el7_9.1.ppc64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xerces-c@3.1.1-10.el7_9.1?arch=ppc64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "xerces-c-debuginfo-0:3.1.1-10.el7_9.1.ppc64",
                "product": {
                  "name": "xerces-c-debuginfo-0:3.1.1-10.el7_9.1.ppc64",
                  "product_id": "xerces-c-debuginfo-0:3.1.1-10.el7_9.1.ppc64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xerces-c-debuginfo@3.1.1-10.el7_9.1?arch=ppc64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "xerces-c-devel-0:3.1.1-10.el7_9.1.ppc64",
                "product": {
                  "name": "xerces-c-devel-0:3.1.1-10.el7_9.1.ppc64",
                  "product_id": "xerces-c-devel-0:3.1.1-10.el7_9.1.ppc64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xerces-c-devel@3.1.1-10.el7_9.1?arch=ppc64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "xerces-c-0:3.1.1-10.el7_9.1.s390",
                "product": {
                  "name": "xerces-c-0:3.1.1-10.el7_9.1.s390",
                  "product_id": "xerces-c-0:3.1.1-10.el7_9.1.s390",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xerces-c@3.1.1-10.el7_9.1?arch=s390"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "xerces-c-debuginfo-0:3.1.1-10.el7_9.1.s390",
                "product": {
                  "name": "xerces-c-debuginfo-0:3.1.1-10.el7_9.1.s390",
                  "product_id": "xerces-c-debuginfo-0:3.1.1-10.el7_9.1.s390",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xerces-c-debuginfo@3.1.1-10.el7_9.1?arch=s390"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "xerces-c-devel-0:3.1.1-10.el7_9.1.s390",
                "product": {
                  "name": "xerces-c-devel-0:3.1.1-10.el7_9.1.s390",
                  "product_id": "xerces-c-devel-0:3.1.1-10.el7_9.1.s390",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xerces-c-devel@3.1.1-10.el7_9.1?arch=s390"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "xerces-c-0:3.1.1-10.el7_9.1.s390x",
                "product": {
                  "name": "xerces-c-0:3.1.1-10.el7_9.1.s390x",
                  "product_id": "xerces-c-0:3.1.1-10.el7_9.1.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xerces-c@3.1.1-10.el7_9.1?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "xerces-c-debuginfo-0:3.1.1-10.el7_9.1.s390x",
                "product": {
                  "name": "xerces-c-debuginfo-0:3.1.1-10.el7_9.1.s390x",
                  "product_id": "xerces-c-debuginfo-0:3.1.1-10.el7_9.1.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xerces-c-debuginfo@3.1.1-10.el7_9.1?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "xerces-c-devel-0:3.1.1-10.el7_9.1.s390x",
                "product": {
                  "name": "xerces-c-devel-0:3.1.1-10.el7_9.1.s390x",
                  "product_id": "xerces-c-devel-0:3.1.1-10.el7_9.1.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xerces-c-devel@3.1.1-10.el7_9.1?arch=s390x"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "xerces-c-0:3.1.1-10.el7_9.1.x86_64",
                "product": {
                  "name": "xerces-c-0:3.1.1-10.el7_9.1.x86_64",
                  "product_id": "xerces-c-0:3.1.1-10.el7_9.1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xerces-c@3.1.1-10.el7_9.1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "xerces-c-debuginfo-0:3.1.1-10.el7_9.1.x86_64",
                "product": {
                  "name": "xerces-c-debuginfo-0:3.1.1-10.el7_9.1.x86_64",
                  "product_id": "xerces-c-debuginfo-0:3.1.1-10.el7_9.1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xerces-c-debuginfo@3.1.1-10.el7_9.1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "xerces-c-devel-0:3.1.1-10.el7_9.1.x86_64",
                "product": {
                  "name": "xerces-c-devel-0:3.1.1-10.el7_9.1.x86_64",
                  "product_id": "xerces-c-devel-0:3.1.1-10.el7_9.1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xerces-c-devel@3.1.1-10.el7_9.1?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "xerces-c-0:3.1.1-10.el7_9.1.i686",
                "product": {
                  "name": "xerces-c-0:3.1.1-10.el7_9.1.i686",
                  "product_id": "xerces-c-0:3.1.1-10.el7_9.1.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xerces-c@3.1.1-10.el7_9.1?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "xerces-c-debuginfo-0:3.1.1-10.el7_9.1.i686",
                "product": {
                  "name": "xerces-c-debuginfo-0:3.1.1-10.el7_9.1.i686",
                  "product_id": "xerces-c-debuginfo-0:3.1.1-10.el7_9.1.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xerces-c-debuginfo@3.1.1-10.el7_9.1?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "xerces-c-devel-0:3.1.1-10.el7_9.1.i686",
                "product": {
                  "name": "xerces-c-devel-0:3.1.1-10.el7_9.1.i686",
                  "product_id": "xerces-c-devel-0:3.1.1-10.el7_9.1.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xerces-c-devel@3.1.1-10.el7_9.1?arch=i686"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "xerces-c-0:3.1.1-10.el7_9.1.ppc64le",
                "product": {
                  "name": "xerces-c-0:3.1.1-10.el7_9.1.ppc64le",
                  "product_id": "xerces-c-0:3.1.1-10.el7_9.1.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xerces-c@3.1.1-10.el7_9.1?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "xerces-c-debuginfo-0:3.1.1-10.el7_9.1.ppc64le",
                "product": {
                  "name": "xerces-c-debuginfo-0:3.1.1-10.el7_9.1.ppc64le",
                  "product_id": "xerces-c-debuginfo-0:3.1.1-10.el7_9.1.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xerces-c-debuginfo@3.1.1-10.el7_9.1?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "xerces-c-devel-0:3.1.1-10.el7_9.1.ppc64le",
                "product": {
                  "name": "xerces-c-devel-0:3.1.1-10.el7_9.1.ppc64le",
                  "product_id": "xerces-c-devel-0:3.1.1-10.el7_9.1.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xerces-c-devel@3.1.1-10.el7_9.1?arch=ppc64le"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "xerces-c-doc-0:3.1.1-10.el7_9.1.noarch",
                "product": {
                  "name": "xerces-c-doc-0:3.1.1-10.el7_9.1.noarch",
                  "product_id": "xerces-c-doc-0:3.1.1-10.el7_9.1.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xerces-c-doc@3.1.1-10.el7_9.1?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-c-0:3.1.1-10.el7_9.1.i686 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
          "product_id": "7Server-ELS:xerces-c-0:3.1.1-10.el7_9.1.i686"
        },
        "product_reference": "xerces-c-0:3.1.1-10.el7_9.1.i686",
        "relates_to_product_reference": "7Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-c-0:3.1.1-10.el7_9.1.ppc as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
          "product_id": "7Server-ELS:xerces-c-0:3.1.1-10.el7_9.1.ppc"
        },
        "product_reference": "xerces-c-0:3.1.1-10.el7_9.1.ppc",
        "relates_to_product_reference": "7Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-c-0:3.1.1-10.el7_9.1.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
          "product_id": "7Server-ELS:xerces-c-0:3.1.1-10.el7_9.1.ppc64"
        },
        "product_reference": "xerces-c-0:3.1.1-10.el7_9.1.ppc64",
        "relates_to_product_reference": "7Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-c-0:3.1.1-10.el7_9.1.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
          "product_id": "7Server-ELS:xerces-c-0:3.1.1-10.el7_9.1.ppc64le"
        },
        "product_reference": "xerces-c-0:3.1.1-10.el7_9.1.ppc64le",
        "relates_to_product_reference": "7Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-c-0:3.1.1-10.el7_9.1.s390 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
          "product_id": "7Server-ELS:xerces-c-0:3.1.1-10.el7_9.1.s390"
        },
        "product_reference": "xerces-c-0:3.1.1-10.el7_9.1.s390",
        "relates_to_product_reference": "7Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-c-0:3.1.1-10.el7_9.1.s390x as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
          "product_id": "7Server-ELS:xerces-c-0:3.1.1-10.el7_9.1.s390x"
        },
        "product_reference": "xerces-c-0:3.1.1-10.el7_9.1.s390x",
        "relates_to_product_reference": "7Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-c-0:3.1.1-10.el7_9.1.src as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
          "product_id": "7Server-ELS:xerces-c-0:3.1.1-10.el7_9.1.src"
        },
        "product_reference": "xerces-c-0:3.1.1-10.el7_9.1.src",
        "relates_to_product_reference": "7Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-c-0:3.1.1-10.el7_9.1.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
          "product_id": "7Server-ELS:xerces-c-0:3.1.1-10.el7_9.1.x86_64"
        },
        "product_reference": "xerces-c-0:3.1.1-10.el7_9.1.x86_64",
        "relates_to_product_reference": "7Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-c-debuginfo-0:3.1.1-10.el7_9.1.i686 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
          "product_id": "7Server-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.i686"
        },
        "product_reference": "xerces-c-debuginfo-0:3.1.1-10.el7_9.1.i686",
        "relates_to_product_reference": "7Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-c-debuginfo-0:3.1.1-10.el7_9.1.ppc as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
          "product_id": "7Server-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.ppc"
        },
        "product_reference": "xerces-c-debuginfo-0:3.1.1-10.el7_9.1.ppc",
        "relates_to_product_reference": "7Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-c-debuginfo-0:3.1.1-10.el7_9.1.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
          "product_id": "7Server-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.ppc64"
        },
        "product_reference": "xerces-c-debuginfo-0:3.1.1-10.el7_9.1.ppc64",
        "relates_to_product_reference": "7Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-c-debuginfo-0:3.1.1-10.el7_9.1.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
          "product_id": "7Server-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.ppc64le"
        },
        "product_reference": "xerces-c-debuginfo-0:3.1.1-10.el7_9.1.ppc64le",
        "relates_to_product_reference": "7Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-c-debuginfo-0:3.1.1-10.el7_9.1.s390 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
          "product_id": "7Server-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.s390"
        },
        "product_reference": "xerces-c-debuginfo-0:3.1.1-10.el7_9.1.s390",
        "relates_to_product_reference": "7Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-c-debuginfo-0:3.1.1-10.el7_9.1.s390x as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
          "product_id": "7Server-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.s390x"
        },
        "product_reference": "xerces-c-debuginfo-0:3.1.1-10.el7_9.1.s390x",
        "relates_to_product_reference": "7Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-c-debuginfo-0:3.1.1-10.el7_9.1.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
          "product_id": "7Server-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.x86_64"
        },
        "product_reference": "xerces-c-debuginfo-0:3.1.1-10.el7_9.1.x86_64",
        "relates_to_product_reference": "7Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-c-devel-0:3.1.1-10.el7_9.1.i686 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
          "product_id": "7Server-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.i686"
        },
        "product_reference": "xerces-c-devel-0:3.1.1-10.el7_9.1.i686",
        "relates_to_product_reference": "7Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-c-devel-0:3.1.1-10.el7_9.1.ppc as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
          "product_id": "7Server-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.ppc"
        },
        "product_reference": "xerces-c-devel-0:3.1.1-10.el7_9.1.ppc",
        "relates_to_product_reference": "7Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-c-devel-0:3.1.1-10.el7_9.1.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
          "product_id": "7Server-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.ppc64"
        },
        "product_reference": "xerces-c-devel-0:3.1.1-10.el7_9.1.ppc64",
        "relates_to_product_reference": "7Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-c-devel-0:3.1.1-10.el7_9.1.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
          "product_id": "7Server-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.ppc64le"
        },
        "product_reference": "xerces-c-devel-0:3.1.1-10.el7_9.1.ppc64le",
        "relates_to_product_reference": "7Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-c-devel-0:3.1.1-10.el7_9.1.s390 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
          "product_id": "7Server-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.s390"
        },
        "product_reference": "xerces-c-devel-0:3.1.1-10.el7_9.1.s390",
        "relates_to_product_reference": "7Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-c-devel-0:3.1.1-10.el7_9.1.s390x as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
          "product_id": "7Server-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.s390x"
        },
        "product_reference": "xerces-c-devel-0:3.1.1-10.el7_9.1.s390x",
        "relates_to_product_reference": "7Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-c-devel-0:3.1.1-10.el7_9.1.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
          "product_id": "7Server-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.x86_64"
        },
        "product_reference": "xerces-c-devel-0:3.1.1-10.el7_9.1.x86_64",
        "relates_to_product_reference": "7Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-c-doc-0:3.1.1-10.el7_9.1.noarch as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
          "product_id": "7Server-ELS:xerces-c-doc-0:3.1.1-10.el7_9.1.noarch"
        },
        "product_reference": "xerces-c-doc-0:3.1.1-10.el7_9.1.noarch",
        "relates_to_product_reference": "7Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-c-0:3.1.1-10.el7_9.1.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
          "product_id": "7Server-optional-ELS:xerces-c-0:3.1.1-10.el7_9.1.i686"
        },
        "product_reference": "xerces-c-0:3.1.1-10.el7_9.1.i686",
        "relates_to_product_reference": "7Server-optional-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-c-0:3.1.1-10.el7_9.1.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
          "product_id": "7Server-optional-ELS:xerces-c-0:3.1.1-10.el7_9.1.ppc"
        },
        "product_reference": "xerces-c-0:3.1.1-10.el7_9.1.ppc",
        "relates_to_product_reference": "7Server-optional-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-c-0:3.1.1-10.el7_9.1.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
          "product_id": "7Server-optional-ELS:xerces-c-0:3.1.1-10.el7_9.1.ppc64"
        },
        "product_reference": "xerces-c-0:3.1.1-10.el7_9.1.ppc64",
        "relates_to_product_reference": "7Server-optional-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-c-0:3.1.1-10.el7_9.1.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
          "product_id": "7Server-optional-ELS:xerces-c-0:3.1.1-10.el7_9.1.ppc64le"
        },
        "product_reference": "xerces-c-0:3.1.1-10.el7_9.1.ppc64le",
        "relates_to_product_reference": "7Server-optional-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-c-0:3.1.1-10.el7_9.1.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
          "product_id": "7Server-optional-ELS:xerces-c-0:3.1.1-10.el7_9.1.s390"
        },
        "product_reference": "xerces-c-0:3.1.1-10.el7_9.1.s390",
        "relates_to_product_reference": "7Server-optional-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-c-0:3.1.1-10.el7_9.1.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
          "product_id": "7Server-optional-ELS:xerces-c-0:3.1.1-10.el7_9.1.s390x"
        },
        "product_reference": "xerces-c-0:3.1.1-10.el7_9.1.s390x",
        "relates_to_product_reference": "7Server-optional-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-c-0:3.1.1-10.el7_9.1.src as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
          "product_id": "7Server-optional-ELS:xerces-c-0:3.1.1-10.el7_9.1.src"
        },
        "product_reference": "xerces-c-0:3.1.1-10.el7_9.1.src",
        "relates_to_product_reference": "7Server-optional-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-c-0:3.1.1-10.el7_9.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
          "product_id": "7Server-optional-ELS:xerces-c-0:3.1.1-10.el7_9.1.x86_64"
        },
        "product_reference": "xerces-c-0:3.1.1-10.el7_9.1.x86_64",
        "relates_to_product_reference": "7Server-optional-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-c-debuginfo-0:3.1.1-10.el7_9.1.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
          "product_id": "7Server-optional-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.i686"
        },
        "product_reference": "xerces-c-debuginfo-0:3.1.1-10.el7_9.1.i686",
        "relates_to_product_reference": "7Server-optional-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-c-debuginfo-0:3.1.1-10.el7_9.1.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
          "product_id": "7Server-optional-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.ppc"
        },
        "product_reference": "xerces-c-debuginfo-0:3.1.1-10.el7_9.1.ppc",
        "relates_to_product_reference": "7Server-optional-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-c-debuginfo-0:3.1.1-10.el7_9.1.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
          "product_id": "7Server-optional-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.ppc64"
        },
        "product_reference": "xerces-c-debuginfo-0:3.1.1-10.el7_9.1.ppc64",
        "relates_to_product_reference": "7Server-optional-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-c-debuginfo-0:3.1.1-10.el7_9.1.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
          "product_id": "7Server-optional-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.ppc64le"
        },
        "product_reference": "xerces-c-debuginfo-0:3.1.1-10.el7_9.1.ppc64le",
        "relates_to_product_reference": "7Server-optional-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-c-debuginfo-0:3.1.1-10.el7_9.1.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
          "product_id": "7Server-optional-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.s390"
        },
        "product_reference": "xerces-c-debuginfo-0:3.1.1-10.el7_9.1.s390",
        "relates_to_product_reference": "7Server-optional-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-c-debuginfo-0:3.1.1-10.el7_9.1.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
          "product_id": "7Server-optional-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.s390x"
        },
        "product_reference": "xerces-c-debuginfo-0:3.1.1-10.el7_9.1.s390x",
        "relates_to_product_reference": "7Server-optional-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-c-debuginfo-0:3.1.1-10.el7_9.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
          "product_id": "7Server-optional-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.x86_64"
        },
        "product_reference": "xerces-c-debuginfo-0:3.1.1-10.el7_9.1.x86_64",
        "relates_to_product_reference": "7Server-optional-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-c-devel-0:3.1.1-10.el7_9.1.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
          "product_id": "7Server-optional-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.i686"
        },
        "product_reference": "xerces-c-devel-0:3.1.1-10.el7_9.1.i686",
        "relates_to_product_reference": "7Server-optional-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-c-devel-0:3.1.1-10.el7_9.1.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
          "product_id": "7Server-optional-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.ppc"
        },
        "product_reference": "xerces-c-devel-0:3.1.1-10.el7_9.1.ppc",
        "relates_to_product_reference": "7Server-optional-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-c-devel-0:3.1.1-10.el7_9.1.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
          "product_id": "7Server-optional-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.ppc64"
        },
        "product_reference": "xerces-c-devel-0:3.1.1-10.el7_9.1.ppc64",
        "relates_to_product_reference": "7Server-optional-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-c-devel-0:3.1.1-10.el7_9.1.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
          "product_id": "7Server-optional-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.ppc64le"
        },
        "product_reference": "xerces-c-devel-0:3.1.1-10.el7_9.1.ppc64le",
        "relates_to_product_reference": "7Server-optional-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-c-devel-0:3.1.1-10.el7_9.1.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
          "product_id": "7Server-optional-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.s390"
        },
        "product_reference": "xerces-c-devel-0:3.1.1-10.el7_9.1.s390",
        "relates_to_product_reference": "7Server-optional-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-c-devel-0:3.1.1-10.el7_9.1.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
          "product_id": "7Server-optional-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.s390x"
        },
        "product_reference": "xerces-c-devel-0:3.1.1-10.el7_9.1.s390x",
        "relates_to_product_reference": "7Server-optional-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-c-devel-0:3.1.1-10.el7_9.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
          "product_id": "7Server-optional-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.x86_64"
        },
        "product_reference": "xerces-c-devel-0:3.1.1-10.el7_9.1.x86_64",
        "relates_to_product_reference": "7Server-optional-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-c-doc-0:3.1.1-10.el7_9.1.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
          "product_id": "7Server-optional-ELS:xerces-c-doc-0:3.1.1-10.el7_9.1.noarch"
        },
        "product_reference": "xerces-c-doc-0:3.1.1-10.el7_9.1.noarch",
        "relates_to_product_reference": "7Server-optional-ELS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-37536",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "discovery_date": "2023-10-11T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2243426"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An integer overflow exists in xerces-c++. This flaw allows an attacker using a specially crafted HTTP request payload to trigger an out-of-bounds read, resulting in a loss of confidentiality, integrity, and availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "xerces-c: An integer overflow issue that allows remote attackers to cause out-of-bound access via HTTP request",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "RHEL-6 is Out of Support Scope. \nhttps://access.redhat.com/articles/4997301",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-ELS:xerces-c-0:3.1.1-10.el7_9.1.i686",
          "7Server-ELS:xerces-c-0:3.1.1-10.el7_9.1.ppc",
          "7Server-ELS:xerces-c-0:3.1.1-10.el7_9.1.ppc64",
          "7Server-ELS:xerces-c-0:3.1.1-10.el7_9.1.ppc64le",
          "7Server-ELS:xerces-c-0:3.1.1-10.el7_9.1.s390",
          "7Server-ELS:xerces-c-0:3.1.1-10.el7_9.1.s390x",
          "7Server-ELS:xerces-c-0:3.1.1-10.el7_9.1.src",
          "7Server-ELS:xerces-c-0:3.1.1-10.el7_9.1.x86_64",
          "7Server-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.i686",
          "7Server-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.ppc",
          "7Server-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.ppc64",
          "7Server-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.ppc64le",
          "7Server-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.s390",
          "7Server-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.s390x",
          "7Server-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.x86_64",
          "7Server-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.i686",
          "7Server-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.ppc",
          "7Server-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.ppc64",
          "7Server-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.ppc64le",
          "7Server-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.s390",
          "7Server-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.s390x",
          "7Server-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.x86_64",
          "7Server-ELS:xerces-c-doc-0:3.1.1-10.el7_9.1.noarch",
          "7Server-optional-ELS:xerces-c-0:3.1.1-10.el7_9.1.i686",
          "7Server-optional-ELS:xerces-c-0:3.1.1-10.el7_9.1.ppc",
          "7Server-optional-ELS:xerces-c-0:3.1.1-10.el7_9.1.ppc64",
          "7Server-optional-ELS:xerces-c-0:3.1.1-10.el7_9.1.ppc64le",
          "7Server-optional-ELS:xerces-c-0:3.1.1-10.el7_9.1.s390",
          "7Server-optional-ELS:xerces-c-0:3.1.1-10.el7_9.1.s390x",
          "7Server-optional-ELS:xerces-c-0:3.1.1-10.el7_9.1.src",
          "7Server-optional-ELS:xerces-c-0:3.1.1-10.el7_9.1.x86_64",
          "7Server-optional-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.i686",
          "7Server-optional-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.ppc",
          "7Server-optional-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.ppc64",
          "7Server-optional-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.ppc64le",
          "7Server-optional-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.s390",
          "7Server-optional-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.s390x",
          "7Server-optional-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.x86_64",
          "7Server-optional-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.i686",
          "7Server-optional-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.ppc",
          "7Server-optional-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.ppc64",
          "7Server-optional-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.ppc64le",
          "7Server-optional-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.s390",
          "7Server-optional-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.s390x",
          "7Server-optional-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.x86_64",
          "7Server-optional-ELS:xerces-c-doc-0:3.1.1-10.el7_9.1.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-37536"
        },
        {
          "category": "external",
          "summary": "RHBZ#2243426",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243426"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-37536",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-37536"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-37536",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37536"
        },
        {
          "category": "external",
          "summary": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0107791",
          "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0107791"
        }
      ],
      "release_date": "2023-10-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-11-04T01:40:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-ELS:xerces-c-0:3.1.1-10.el7_9.1.i686",
            "7Server-ELS:xerces-c-0:3.1.1-10.el7_9.1.ppc",
            "7Server-ELS:xerces-c-0:3.1.1-10.el7_9.1.ppc64",
            "7Server-ELS:xerces-c-0:3.1.1-10.el7_9.1.ppc64le",
            "7Server-ELS:xerces-c-0:3.1.1-10.el7_9.1.s390",
            "7Server-ELS:xerces-c-0:3.1.1-10.el7_9.1.s390x",
            "7Server-ELS:xerces-c-0:3.1.1-10.el7_9.1.src",
            "7Server-ELS:xerces-c-0:3.1.1-10.el7_9.1.x86_64",
            "7Server-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.i686",
            "7Server-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.ppc",
            "7Server-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.ppc64",
            "7Server-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.ppc64le",
            "7Server-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.s390",
            "7Server-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.s390x",
            "7Server-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.x86_64",
            "7Server-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.i686",
            "7Server-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.ppc",
            "7Server-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.ppc64",
            "7Server-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.ppc64le",
            "7Server-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.s390",
            "7Server-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.s390x",
            "7Server-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.x86_64",
            "7Server-ELS:xerces-c-doc-0:3.1.1-10.el7_9.1.noarch",
            "7Server-optional-ELS:xerces-c-0:3.1.1-10.el7_9.1.i686",
            "7Server-optional-ELS:xerces-c-0:3.1.1-10.el7_9.1.ppc",
            "7Server-optional-ELS:xerces-c-0:3.1.1-10.el7_9.1.ppc64",
            "7Server-optional-ELS:xerces-c-0:3.1.1-10.el7_9.1.ppc64le",
            "7Server-optional-ELS:xerces-c-0:3.1.1-10.el7_9.1.s390",
            "7Server-optional-ELS:xerces-c-0:3.1.1-10.el7_9.1.s390x",
            "7Server-optional-ELS:xerces-c-0:3.1.1-10.el7_9.1.src",
            "7Server-optional-ELS:xerces-c-0:3.1.1-10.el7_9.1.x86_64",
            "7Server-optional-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.i686",
            "7Server-optional-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.ppc",
            "7Server-optional-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.ppc64",
            "7Server-optional-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.ppc64le",
            "7Server-optional-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.s390",
            "7Server-optional-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.s390x",
            "7Server-optional-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.x86_64",
            "7Server-optional-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.i686",
            "7Server-optional-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.ppc",
            "7Server-optional-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.ppc64",
            "7Server-optional-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.ppc64le",
            "7Server-optional-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.s390",
            "7Server-optional-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.s390x",
            "7Server-optional-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.x86_64",
            "7Server-optional-ELS:xerces-c-doc-0:3.1.1-10.el7_9.1.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:8795"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "7Server-ELS:xerces-c-0:3.1.1-10.el7_9.1.i686",
            "7Server-ELS:xerces-c-0:3.1.1-10.el7_9.1.ppc",
            "7Server-ELS:xerces-c-0:3.1.1-10.el7_9.1.ppc64",
            "7Server-ELS:xerces-c-0:3.1.1-10.el7_9.1.ppc64le",
            "7Server-ELS:xerces-c-0:3.1.1-10.el7_9.1.s390",
            "7Server-ELS:xerces-c-0:3.1.1-10.el7_9.1.s390x",
            "7Server-ELS:xerces-c-0:3.1.1-10.el7_9.1.src",
            "7Server-ELS:xerces-c-0:3.1.1-10.el7_9.1.x86_64",
            "7Server-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.i686",
            "7Server-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.ppc",
            "7Server-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.ppc64",
            "7Server-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.ppc64le",
            "7Server-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.s390",
            "7Server-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.s390x",
            "7Server-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.x86_64",
            "7Server-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.i686",
            "7Server-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.ppc",
            "7Server-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.ppc64",
            "7Server-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.ppc64le",
            "7Server-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.s390",
            "7Server-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.s390x",
            "7Server-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.x86_64",
            "7Server-ELS:xerces-c-doc-0:3.1.1-10.el7_9.1.noarch",
            "7Server-optional-ELS:xerces-c-0:3.1.1-10.el7_9.1.i686",
            "7Server-optional-ELS:xerces-c-0:3.1.1-10.el7_9.1.ppc",
            "7Server-optional-ELS:xerces-c-0:3.1.1-10.el7_9.1.ppc64",
            "7Server-optional-ELS:xerces-c-0:3.1.1-10.el7_9.1.ppc64le",
            "7Server-optional-ELS:xerces-c-0:3.1.1-10.el7_9.1.s390",
            "7Server-optional-ELS:xerces-c-0:3.1.1-10.el7_9.1.s390x",
            "7Server-optional-ELS:xerces-c-0:3.1.1-10.el7_9.1.src",
            "7Server-optional-ELS:xerces-c-0:3.1.1-10.el7_9.1.x86_64",
            "7Server-optional-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.i686",
            "7Server-optional-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.ppc",
            "7Server-optional-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.ppc64",
            "7Server-optional-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.ppc64le",
            "7Server-optional-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.s390",
            "7Server-optional-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.s390x",
            "7Server-optional-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.x86_64",
            "7Server-optional-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.i686",
            "7Server-optional-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.ppc",
            "7Server-optional-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.ppc64",
            "7Server-optional-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.ppc64le",
            "7Server-optional-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.s390",
            "7Server-optional-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.s390x",
            "7Server-optional-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.x86_64",
            "7Server-optional-ELS:xerces-c-doc-0:3.1.1-10.el7_9.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-ELS:xerces-c-0:3.1.1-10.el7_9.1.i686",
            "7Server-ELS:xerces-c-0:3.1.1-10.el7_9.1.ppc",
            "7Server-ELS:xerces-c-0:3.1.1-10.el7_9.1.ppc64",
            "7Server-ELS:xerces-c-0:3.1.1-10.el7_9.1.ppc64le",
            "7Server-ELS:xerces-c-0:3.1.1-10.el7_9.1.s390",
            "7Server-ELS:xerces-c-0:3.1.1-10.el7_9.1.s390x",
            "7Server-ELS:xerces-c-0:3.1.1-10.el7_9.1.src",
            "7Server-ELS:xerces-c-0:3.1.1-10.el7_9.1.x86_64",
            "7Server-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.i686",
            "7Server-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.ppc",
            "7Server-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.ppc64",
            "7Server-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.ppc64le",
            "7Server-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.s390",
            "7Server-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.s390x",
            "7Server-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.x86_64",
            "7Server-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.i686",
            "7Server-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.ppc",
            "7Server-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.ppc64",
            "7Server-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.ppc64le",
            "7Server-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.s390",
            "7Server-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.s390x",
            "7Server-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.x86_64",
            "7Server-ELS:xerces-c-doc-0:3.1.1-10.el7_9.1.noarch",
            "7Server-optional-ELS:xerces-c-0:3.1.1-10.el7_9.1.i686",
            "7Server-optional-ELS:xerces-c-0:3.1.1-10.el7_9.1.ppc",
            "7Server-optional-ELS:xerces-c-0:3.1.1-10.el7_9.1.ppc64",
            "7Server-optional-ELS:xerces-c-0:3.1.1-10.el7_9.1.ppc64le",
            "7Server-optional-ELS:xerces-c-0:3.1.1-10.el7_9.1.s390",
            "7Server-optional-ELS:xerces-c-0:3.1.1-10.el7_9.1.s390x",
            "7Server-optional-ELS:xerces-c-0:3.1.1-10.el7_9.1.src",
            "7Server-optional-ELS:xerces-c-0:3.1.1-10.el7_9.1.x86_64",
            "7Server-optional-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.i686",
            "7Server-optional-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.ppc",
            "7Server-optional-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.ppc64",
            "7Server-optional-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.ppc64le",
            "7Server-optional-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.s390",
            "7Server-optional-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.s390x",
            "7Server-optional-ELS:xerces-c-debuginfo-0:3.1.1-10.el7_9.1.x86_64",
            "7Server-optional-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.i686",
            "7Server-optional-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.ppc",
            "7Server-optional-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.ppc64",
            "7Server-optional-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.ppc64le",
            "7Server-optional-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.s390",
            "7Server-optional-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.s390x",
            "7Server-optional-ELS:xerces-c-devel-0:3.1.1-10.el7_9.1.x86_64",
            "7Server-optional-ELS:xerces-c-doc-0:3.1.1-10.el7_9.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "xerces-c: An integer overflow issue that allows remote attackers to cause out-of-bound access via HTTP request"
    }
  ]
}

SUSE-SU-2023:4543-1

Vulnerability from csaf_suse - Published: 2023-11-24 08:10 - Updated: 2023-11-24 08:10

Summary

Security update for xerces-c

Severity

Important

Notes

Title of the patch: Security update for xerces-c

Description of the patch: This update for xerces-c fixes the following issues: - CVE-2023-37536: Fixed an integer overflow that could have led to a out-of-bounds memory accesses (bsc#1216156).

Patchnames: SUSE-2023-4543,SUSE-SLE-SDK-12-SP5-2023-4543,SUSE-SLE-SERVER-12-SP5-2023-4543

CVE-2023-37536

8.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libxerces-c-3_1-3.1.1-13.9.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libxerces-c-3_1-3.1.1-13.9.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libxerces-c-3_1-3.1.1-13.9.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libxerces-c-3_1-3.1.1-13.9.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libxerces-c-3_1-32bit-3.1.1-13.9.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libxerces-c-3_1-32bit-3.1.1-13.9.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libxerces-c-3_1-3.1.1-13.9.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libxerces-c-3_1-3.1.1-13.9.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libxerces-c-3_1-3.1.1-13.9.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libxerces-c-3_1-3.1.1-13.9.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libxerces-c-3_1-32bit-3.1.1-13.9.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libxerces-c-3_1-32bit-3.1.1-13.9.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:libxerces-c-devel-3.1.1-13.9.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:libxerces-c-devel-3.1.1-13.9.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:libxerces-c-devel-3.1.1-13.9.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:libxerces-c-devel-3.1.1-13.9.1.x86_64	—	Vendor Fix

Threats

Impact important

References

11 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1216156	self
https://www.suse.com/security/cve/CVE-2023-37536/	self
https://www.suse.com/security/cve/CVE-2023-37536	external
https://bugzilla.suse.com/1216156	external
https://bugzilla.suse.com/1219472	external
https://bugzilla.suse.com/1219708	external
https://bugzilla.suse.com/1221037	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for xerces-c",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for xerces-c fixes the following issues:\n\n- CVE-2023-37536: Fixed an integer overflow that could have led to a out-of-bounds memory accesses (bsc#1216156).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2023-4543,SUSE-SLE-SDK-12-SP5-2023-4543,SUSE-SLE-SERVER-12-SP5-2023-4543",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_4543-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2023:4543-1",
        "url": "https://www.suse.com/support/update/announcement/2023/suse-su-20234543-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2023:4543-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-November/017207.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1216156",
        "url": "https://bugzilla.suse.com/1216156"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-37536 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-37536/"
      }
    ],
    "title": "Security update for xerces-c",
    "tracking": {
      "current_release_date": "2023-11-24T08:10:58Z",
      "generator": {
        "date": "2023-11-24T08:10:58Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2023:4543-1",
      "initial_release_date": "2023-11-24T08:10:58Z",
      "revision_history": [
        {
          "date": "2023-11-24T08:10:58Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libxerces-c-3_1-3.1.1-13.9.1.aarch64",
                "product": {
                  "name": "libxerces-c-3_1-3.1.1-13.9.1.aarch64",
                  "product_id": "libxerces-c-3_1-3.1.1-13.9.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libxerces-c-devel-3.1.1-13.9.1.aarch64",
                "product": {
                  "name": "libxerces-c-devel-3.1.1-13.9.1.aarch64",
                  "product_id": "libxerces-c-devel-3.1.1-13.9.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "xerces-c-3.1.1-13.9.1.aarch64",
                "product": {
                  "name": "xerces-c-3.1.1-13.9.1.aarch64",
                  "product_id": "xerces-c-3.1.1-13.9.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libxerces-c-3_1-64bit-3.1.1-13.9.1.aarch64_ilp32",
                "product": {
                  "name": "libxerces-c-3_1-64bit-3.1.1-13.9.1.aarch64_ilp32",
                  "product_id": "libxerces-c-3_1-64bit-3.1.1-13.9.1.aarch64_ilp32"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64_ilp32"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libxerces-c-3_1-3.1.1-13.9.1.i586",
                "product": {
                  "name": "libxerces-c-3_1-3.1.1-13.9.1.i586",
                  "product_id": "libxerces-c-3_1-3.1.1-13.9.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libxerces-c-devel-3.1.1-13.9.1.i586",
                "product": {
                  "name": "libxerces-c-devel-3.1.1-13.9.1.i586",
                  "product_id": "libxerces-c-devel-3.1.1-13.9.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "xerces-c-3.1.1-13.9.1.i586",
                "product": {
                  "name": "xerces-c-3.1.1-13.9.1.i586",
                  "product_id": "xerces-c-3.1.1-13.9.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libxerces-c-3_1-3.1.1-13.9.1.ppc64le",
                "product": {
                  "name": "libxerces-c-3_1-3.1.1-13.9.1.ppc64le",
                  "product_id": "libxerces-c-3_1-3.1.1-13.9.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libxerces-c-devel-3.1.1-13.9.1.ppc64le",
                "product": {
                  "name": "libxerces-c-devel-3.1.1-13.9.1.ppc64le",
                  "product_id": "libxerces-c-devel-3.1.1-13.9.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "xerces-c-3.1.1-13.9.1.ppc64le",
                "product": {
                  "name": "xerces-c-3.1.1-13.9.1.ppc64le",
                  "product_id": "xerces-c-3.1.1-13.9.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libxerces-c-3_1-3.1.1-13.9.1.s390",
                "product": {
                  "name": "libxerces-c-3_1-3.1.1-13.9.1.s390",
                  "product_id": "libxerces-c-3_1-3.1.1-13.9.1.s390"
                }
              },
              {
                "category": "product_version",
                "name": "libxerces-c-devel-3.1.1-13.9.1.s390",
                "product": {
                  "name": "libxerces-c-devel-3.1.1-13.9.1.s390",
                  "product_id": "libxerces-c-devel-3.1.1-13.9.1.s390"
                }
              },
              {
                "category": "product_version",
                "name": "xerces-c-3.1.1-13.9.1.s390",
                "product": {
                  "name": "xerces-c-3.1.1-13.9.1.s390",
                  "product_id": "xerces-c-3.1.1-13.9.1.s390"
                }
              }
            ],
            "category": "architecture",
            "name": "s390"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libxerces-c-3_1-3.1.1-13.9.1.s390x",
                "product": {
                  "name": "libxerces-c-3_1-3.1.1-13.9.1.s390x",
                  "product_id": "libxerces-c-3_1-3.1.1-13.9.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libxerces-c-3_1-32bit-3.1.1-13.9.1.s390x",
                "product": {
                  "name": "libxerces-c-3_1-32bit-3.1.1-13.9.1.s390x",
                  "product_id": "libxerces-c-3_1-32bit-3.1.1-13.9.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libxerces-c-devel-3.1.1-13.9.1.s390x",
                "product": {
                  "name": "libxerces-c-devel-3.1.1-13.9.1.s390x",
                  "product_id": "libxerces-c-devel-3.1.1-13.9.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "xerces-c-3.1.1-13.9.1.s390x",
                "product": {
                  "name": "xerces-c-3.1.1-13.9.1.s390x",
                  "product_id": "xerces-c-3.1.1-13.9.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libxerces-c-3_1-3.1.1-13.9.1.x86_64",
                "product": {
                  "name": "libxerces-c-3_1-3.1.1-13.9.1.x86_64",
                  "product_id": "libxerces-c-3_1-3.1.1-13.9.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libxerces-c-3_1-32bit-3.1.1-13.9.1.x86_64",
                "product": {
                  "name": "libxerces-c-3_1-32bit-3.1.1-13.9.1.x86_64",
                  "product_id": "libxerces-c-3_1-32bit-3.1.1-13.9.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libxerces-c-devel-3.1.1-13.9.1.x86_64",
                "product": {
                  "name": "libxerces-c-devel-3.1.1-13.9.1.x86_64",
                  "product_id": "libxerces-c-devel-3.1.1-13.9.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "xerces-c-3.1.1-13.9.1.x86_64",
                "product": {
                  "name": "xerces-c-3.1.1-13.9.1.x86_64",
                  "product_id": "xerces-c-3.1.1-13.9.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Software Development Kit 12 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Software Development Kit 12 SP5",
                  "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-sdk:12:sp5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP5",
                  "product_id": "SUSE Linux Enterprise Server 12 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles:12:sp5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12:sp5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libxerces-c-devel-3.1.1-13.9.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:libxerces-c-devel-3.1.1-13.9.1.aarch64"
        },
        "product_reference": "libxerces-c-devel-3.1.1-13.9.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libxerces-c-devel-3.1.1-13.9.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:libxerces-c-devel-3.1.1-13.9.1.ppc64le"
        },
        "product_reference": "libxerces-c-devel-3.1.1-13.9.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libxerces-c-devel-3.1.1-13.9.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:libxerces-c-devel-3.1.1-13.9.1.s390x"
        },
        "product_reference": "libxerces-c-devel-3.1.1-13.9.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libxerces-c-devel-3.1.1-13.9.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:libxerces-c-devel-3.1.1-13.9.1.x86_64"
        },
        "product_reference": "libxerces-c-devel-3.1.1-13.9.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libxerces-c-3_1-3.1.1-13.9.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5",
          "product_id": "SUSE Linux Enterprise Server 12 SP5:libxerces-c-3_1-3.1.1-13.9.1.aarch64"
        },
        "product_reference": "libxerces-c-3_1-3.1.1-13.9.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libxerces-c-3_1-3.1.1-13.9.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5",
          "product_id": "SUSE Linux Enterprise Server 12 SP5:libxerces-c-3_1-3.1.1-13.9.1.ppc64le"
        },
        "product_reference": "libxerces-c-3_1-3.1.1-13.9.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libxerces-c-3_1-3.1.1-13.9.1.s390x as component of SUSE Linux Enterprise Server 12 SP5",
          "product_id": "SUSE Linux Enterprise Server 12 SP5:libxerces-c-3_1-3.1.1-13.9.1.s390x"
        },
        "product_reference": "libxerces-c-3_1-3.1.1-13.9.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libxerces-c-3_1-3.1.1-13.9.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
          "product_id": "SUSE Linux Enterprise Server 12 SP5:libxerces-c-3_1-3.1.1-13.9.1.x86_64"
        },
        "product_reference": "libxerces-c-3_1-3.1.1-13.9.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libxerces-c-3_1-32bit-3.1.1-13.9.1.s390x as component of SUSE Linux Enterprise Server 12 SP5",
          "product_id": "SUSE Linux Enterprise Server 12 SP5:libxerces-c-3_1-32bit-3.1.1-13.9.1.s390x"
        },
        "product_reference": "libxerces-c-3_1-32bit-3.1.1-13.9.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libxerces-c-3_1-32bit-3.1.1-13.9.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
          "product_id": "SUSE Linux Enterprise Server 12 SP5:libxerces-c-3_1-32bit-3.1.1-13.9.1.x86_64"
        },
        "product_reference": "libxerces-c-3_1-32bit-3.1.1-13.9.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libxerces-c-3_1-3.1.1-13.9.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libxerces-c-3_1-3.1.1-13.9.1.aarch64"
        },
        "product_reference": "libxerces-c-3_1-3.1.1-13.9.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libxerces-c-3_1-3.1.1-13.9.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libxerces-c-3_1-3.1.1-13.9.1.ppc64le"
        },
        "product_reference": "libxerces-c-3_1-3.1.1-13.9.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libxerces-c-3_1-3.1.1-13.9.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libxerces-c-3_1-3.1.1-13.9.1.s390x"
        },
        "product_reference": "libxerces-c-3_1-3.1.1-13.9.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libxerces-c-3_1-3.1.1-13.9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libxerces-c-3_1-3.1.1-13.9.1.x86_64"
        },
        "product_reference": "libxerces-c-3_1-3.1.1-13.9.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libxerces-c-3_1-32bit-3.1.1-13.9.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libxerces-c-3_1-32bit-3.1.1-13.9.1.s390x"
        },
        "product_reference": "libxerces-c-3_1-32bit-3.1.1-13.9.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libxerces-c-3_1-32bit-3.1.1-13.9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libxerces-c-3_1-32bit-3.1.1-13.9.1.x86_64"
        },
        "product_reference": "libxerces-c-3_1-32bit-3.1.1-13.9.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-37536",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-37536"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5:libxerces-c-3_1-3.1.1-13.9.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5:libxerces-c-3_1-3.1.1-13.9.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5:libxerces-c-3_1-3.1.1-13.9.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5:libxerces-c-3_1-3.1.1-13.9.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5:libxerces-c-3_1-32bit-3.1.1-13.9.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5:libxerces-c-3_1-32bit-3.1.1-13.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libxerces-c-3_1-3.1.1-13.9.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libxerces-c-3_1-3.1.1-13.9.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libxerces-c-3_1-3.1.1-13.9.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libxerces-c-3_1-3.1.1-13.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libxerces-c-3_1-32bit-3.1.1-13.9.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libxerces-c-3_1-32bit-3.1.1-13.9.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libxerces-c-devel-3.1.1-13.9.1.aarch64",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libxerces-c-devel-3.1.1-13.9.1.ppc64le",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libxerces-c-devel-3.1.1-13.9.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libxerces-c-devel-3.1.1-13.9.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-37536",
          "url": "https://www.suse.com/security/cve/CVE-2023-37536"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1216156 for CVE-2023-37536",
          "url": "https://bugzilla.suse.com/1216156"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1219472 for CVE-2023-37536",
          "url": "https://bugzilla.suse.com/1219472"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1219708 for CVE-2023-37536",
          "url": "https://bugzilla.suse.com/1219708"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1221037 for CVE-2023-37536",
          "url": "https://bugzilla.suse.com/1221037"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5:libxerces-c-3_1-3.1.1-13.9.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5:libxerces-c-3_1-3.1.1-13.9.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5:libxerces-c-3_1-3.1.1-13.9.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5:libxerces-c-3_1-3.1.1-13.9.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:libxerces-c-3_1-32bit-3.1.1-13.9.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5:libxerces-c-3_1-32bit-3.1.1-13.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libxerces-c-3_1-3.1.1-13.9.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libxerces-c-3_1-3.1.1-13.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libxerces-c-3_1-3.1.1-13.9.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libxerces-c-3_1-3.1.1-13.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libxerces-c-3_1-32bit-3.1.1-13.9.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libxerces-c-3_1-32bit-3.1.1-13.9.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libxerces-c-devel-3.1.1-13.9.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libxerces-c-devel-3.1.1-13.9.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libxerces-c-devel-3.1.1-13.9.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libxerces-c-devel-3.1.1-13.9.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5:libxerces-c-3_1-3.1.1-13.9.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5:libxerces-c-3_1-3.1.1-13.9.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5:libxerces-c-3_1-3.1.1-13.9.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5:libxerces-c-3_1-3.1.1-13.9.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:libxerces-c-3_1-32bit-3.1.1-13.9.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5:libxerces-c-3_1-32bit-3.1.1-13.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libxerces-c-3_1-3.1.1-13.9.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libxerces-c-3_1-3.1.1-13.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libxerces-c-3_1-3.1.1-13.9.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libxerces-c-3_1-3.1.1-13.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libxerces-c-3_1-32bit-3.1.1-13.9.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libxerces-c-3_1-32bit-3.1.1-13.9.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libxerces-c-devel-3.1.1-13.9.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libxerces-c-devel-3.1.1-13.9.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libxerces-c-devel-3.1.1-13.9.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libxerces-c-devel-3.1.1-13.9.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2023-11-24T08:10:58Z",
          "details": "important"
        }
      ],
      "title": "CVE-2023-37536"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-37536 (GCVE-0-2023-37536)

Solutions

Solutions

Tags

Sightings

Nomenclature