Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-44487 (GCVE-0-2023-44487)
Vulnerability from cvelistv5 – Published: 2023-10-10 00:00 – Updated: 2026-05-12 10:52- n/a
- CWE-400 - Uncontrolled Resource Consumption
| Vendor | Product | Version | |
|---|---|---|---|
| ietf | http |
Affected:
2.0
cpe:2.3:a:ietf:http:2.0:*:*:*:*:*:*:* |
|
| Siemens | RUGGEDCOM APE1808 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
|
| Siemens | SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
|
| Siemens | SINEC NMS |
Affected:
0 , < V3.0
(custom)
|
|
| Siemens | SIPLUS S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
CISA
Known Exploited Vulnerability - GCVE BCP-07 Compliant
Exploited: Yes
Timestamps
Scope
Evidence
Type: Vendor Report
Signal: Successful Exploitation
Confidence: 80%
Source: cisa-kev
Details
| Cwes | CWE-400 |
|---|---|
| Feed | CISA Known Exploited Vulnerabilities Catalog |
| Product | HTTP/2 |
| Due Date | 2023-10-31 |
| Date Added | 2023-10-10 |
| Vendorproject | IETF |
| Vulnerabilityname | HTTP/2 Rapid Reset Attack Vulnerability |
| Knownransomwarecampaignuse | Unknown |
References
KEVIntel
Known Exploited Vulnerability - GCVE BCP-07 Compliant
Exploited: Yes
Timestamps
Scope
Evidence
Type: Public Report
Signal: Successful Exploitation
Confidence: 70%
Source: kevintel
Details
| Feed | KEVIntel (kevintel.com) |
|---|---|
| Title | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as... |
| Vendor | |
| Product | Cloud Platform |
| Added Date | 2023-10-10T00:00:00.000Z |
| Cvss Score | 7.5 |
| Epss Score | 0.99999 |
| Cvss Severity | HIGH |
| Epss Percentile | 0.99996 |
| Used In Malware | unknown |
| Ahead Of Cisa Kev | None |
| Not Yet In Cisa Kev | False |
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ietf:http:2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "http",
"vendor": "ietf",
"versions": [
{
"status": "affected",
"version": "2.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-44487",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-23T20:34:21.334116Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-10-10",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-44487"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:05:35.187Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-44487"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-10-10T00:00:00.000Z",
"value": "CVE-2023-44487 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:08:27.383Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/"
},
{
"tags": [
"x_transferred"
],
"url": "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/"
},
{
"tags": [
"x_transferred"
],
"url": "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"tags": [
"x_transferred"
],
"url": "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=37831062"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/pull/30055"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/haproxy/haproxy/issues/2312"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/eclipse/jetty.project/issues/10679"
},
{
"tags": [
"x_transferred"
],
"url": "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/nghttp2/nghttp2/pull/1961"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/alibaba/tengine/issues/1872"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=37830987"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=37830998"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/caddyserver/caddy/issues/5877"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/bcdannyboy/CVE-2023-44487"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/grpc/grpc-go/pull/6703"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0"
},
{
"tags": [
"x_transferred"
],
"url": "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://my.f5.com/manage/s/article/K000137106"
},
{
"tags": [
"x_transferred"
],
"url": "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.proxmox.com/show_bug.cgi?id=4988"
},
{
"tags": [
"x_transferred"
],
"url": "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9"
},
{
"tags": [
"x_transferred"
],
"url": "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/microsoft/CBL-Mariner/pull/6381"
},
{
"tags": [
"x_transferred"
],
"url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/facebook/proxygen/pull/466"
},
{
"tags": [
"x_transferred"
],
"url": "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/micrictor/http2-rst-stream"
},
{
"tags": [
"x_transferred"
],
"url": "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/h2o/h2o/pull/3291"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/nodejs/node/pull/50121"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/golang/go/issues/63417"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/advisories/GHSA-vx74-f528-fxqg"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/apache/trafficserver/pull/10564"
},
{
"tags": [
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487"
},
{
"tags": [
"x_transferred"
],
"url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2023/10/10/6"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/opensearch-project/data-prepper/issues/3474"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/pull/121120"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/oqtane/oqtane.framework/discussions/3367"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p"
},
{
"tags": [
"x_transferred"
],
"url": "https://netty.io/news/2023/10/10/4-1-100-Final.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=37837043"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/kazu-yamamoto/http2/issues/93"
},
{
"tags": [
"x_transferred"
],
"url": "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113"
},
{
"name": "DSA-5522",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5522"
},
{
"name": "DSA-5521",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5521"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2023-44487"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ninenines/cowboy/issues/1615"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/varnishcache/varnish-cache/issues/3996"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/tempesta-tech/tempesta/issues/1986"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.vespa.ai/cve-2023-44487/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/etcd-io/etcd/issues/16740"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event"
},
{
"tags": [
"x_transferred"
],
"url": "https://istio.io/latest/news/security/istio-security-2023-004/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/junkurihara/rust-rpxy/issues/97"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1216123"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"tags": [
"x_transferred"
],
"url": "https://ubuntu.com/security/CVE-2023-44487"
},
{
"tags": [
"x_transferred"
],
"url": "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/advisories/GHSA-qppj-fm5r-hxr3"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/apache/httpd-site/pull/10"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/projectcontour/contour/pull/5826"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/line/armeria/pull/5232"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2023-44487"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/akka/akka-http/issues/4323"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openresty/openresty/issues/930"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/apache/apisix/issues/10320"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Azure/AKS/issues/3947"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Kong/kong/discussions/11741"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/caddyserver/caddy/releases/tag/v2.7.5"
},
{
"name": "[debian-lts-announce] 20231013 [SECURITY] [DLA 3617-1] tomcat9 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html"
},
{
"name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/13/4"
},
{
"name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/13/9"
},
{
"tags": [
"x_transferred"
],
"url": "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html"
},
{
"name": "FEDORA-2023-ed2642fd58",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/"
},
{
"tags": [
"x_transferred"
],
"url": "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/"
},
{
"name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3621-1] nghttp2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231016-0001/"
},
{
"name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3617-2] tomcat9 regression update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html"
},
{
"name": "[oss-security] 20231018 Vulnerability in Jenkins",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/18/4"
},
{
"name": "[oss-security] 20231018 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/18/8"
},
{
"name": "[oss-security] 20231019 CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/19/6"
},
{
"name": "FEDORA-2023-54fadada12",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/"
},
{
"name": "FEDORA-2023-5ff7bf1dd8",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/"
},
{
"name": "[oss-security] 20231020 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/20/8"
},
{
"name": "FEDORA-2023-17efd3f2cd",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/"
},
{
"name": "FEDORA-2023-d5030c983c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/"
},
{
"name": "FEDORA-2023-0259c3f26f",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/"
},
{
"name": "FEDORA-2023-2a9214af5f",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/"
},
{
"name": "FEDORA-2023-e9c04d81c1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/"
},
{
"name": "FEDORA-2023-f66fc0f62a",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/"
},
{
"name": "FEDORA-2023-4d2fd884ea",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/"
},
{
"name": "FEDORA-2023-b2c50535cb",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/"
},
{
"name": "FEDORA-2023-fe53e13b5b",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/"
},
{
"name": "FEDORA-2023-4bf641255e",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/"
},
{
"name": "[debian-lts-announce] 20231030 [SECURITY] [DLA 3641-1] jetty9 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html"
},
{
"name": "DSA-5540",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5540"
},
{
"name": "[debian-lts-announce] 20231031 [SECURITY] [DLA 3638-1] h2o security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715"
},
{
"name": "FEDORA-2023-1caffb88af",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/"
},
{
"name": "FEDORA-2023-3f70b8d406",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/"
},
{
"name": "FEDORA-2023-7b52921cae",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/"
},
{
"name": "FEDORA-2023-7934802344",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/"
},
{
"name": "FEDORA-2023-dbe64661af",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/"
},
{
"name": "FEDORA-2023-822aab0a5a",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/"
},
{
"name": "[debian-lts-announce] 20231105 [SECURITY] [DLA 3645-1] trafficserver security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html"
},
{
"name": "DSA-5549",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5549"
},
{
"name": "FEDORA-2023-c0c6a91330",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/"
},
{
"name": "FEDORA-2023-492b7be466",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/"
},
{
"name": "DSA-5558",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5558"
},
{
"name": "[debian-lts-announce] 20231119 [SECURITY] [DLA 3656-1] netty security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html"
},
{
"name": "GLSA-202311-09",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-09"
},
{
"name": "DSA-5570",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5570"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240426-0007/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
},
{
"url": "https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/08/13/6"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM APE1808",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINEC NMS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T10:52:23.784Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-832273.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-341067.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-784301.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-915275.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-07T20:05:34.376Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73"
},
{
"url": "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/"
},
{
"url": "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/"
},
{
"url": "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack"
},
{
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"url": "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/"
},
{
"url": "https://news.ycombinator.com/item?id=37831062"
},
{
"url": "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/"
},
{
"url": "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack"
},
{
"url": "https://github.com/envoyproxy/envoy/pull/30055"
},
{
"url": "https://github.com/haproxy/haproxy/issues/2312"
},
{
"url": "https://github.com/eclipse/jetty.project/issues/10679"
},
{
"url": "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764"
},
{
"url": "https://github.com/nghttp2/nghttp2/pull/1961"
},
{
"url": "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61"
},
{
"url": "https://github.com/alibaba/tengine/issues/1872"
},
{
"url": "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2"
},
{
"url": "https://news.ycombinator.com/item?id=37830987"
},
{
"url": "https://news.ycombinator.com/item?id=37830998"
},
{
"url": "https://github.com/caddyserver/caddy/issues/5877"
},
{
"url": "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/"
},
{
"url": "https://github.com/bcdannyboy/CVE-2023-44487"
},
{
"url": "https://github.com/grpc/grpc-go/pull/6703"
},
{
"url": "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244"
},
{
"url": "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0"
},
{
"url": "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html"
},
{
"url": "https://my.f5.com/manage/s/article/K000137106"
},
{
"url": "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/"
},
{
"url": "https://bugzilla.proxmox.com/show_bug.cgi?id=4988"
},
{
"url": "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9"
},
{
"name": "[oss-security] 20231010 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/10/7"
},
{
"name": "[oss-security] 20231010 CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/10/6"
},
{
"url": "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected"
},
{
"url": "https://github.com/microsoft/CBL-Mariner/pull/6381"
},
{
"url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo"
},
{
"url": "https://github.com/facebook/proxygen/pull/466"
},
{
"url": "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088"
},
{
"url": "https://github.com/micrictor/http2-rst-stream"
},
{
"url": "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve"
},
{
"url": "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/"
},
{
"url": "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf"
},
{
"url": "https://github.com/h2o/h2o/pull/3291"
},
{
"url": "https://github.com/nodejs/node/pull/50121"
},
{
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"url": "https://github.com/golang/go/issues/63417"
},
{
"url": "https://github.com/advisories/GHSA-vx74-f528-fxqg"
},
{
"url": "https://github.com/apache/trafficserver/pull/10564"
},
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487"
},
{
"url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14"
},
{
"url": "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q"
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/10/10/6"
},
{
"url": "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487"
},
{
"url": "https://github.com/opensearch-project/data-prepper/issues/3474"
},
{
"url": "https://github.com/kubernetes/kubernetes/pull/121120"
},
{
"url": "https://github.com/oqtane/oqtane.framework/discussions/3367"
},
{
"url": "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p"
},
{
"url": "https://netty.io/news/2023/10/10/4-1-100-Final.html"
},
{
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"url": "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/"
},
{
"url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack"
},
{
"url": "https://news.ycombinator.com/item?id=37837043"
},
{
"url": "https://github.com/kazu-yamamoto/http2/issues/93"
},
{
"url": "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html"
},
{
"url": "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1"
},
{
"url": "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113"
},
{
"name": "DSA-5522",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5522"
},
{
"name": "DSA-5521",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5521"
},
{
"url": "https://access.redhat.com/security/cve/cve-2023-44487"
},
{
"url": "https://github.com/ninenines/cowboy/issues/1615"
},
{
"url": "https://github.com/varnishcache/varnish-cache/issues/3996"
},
{
"url": "https://github.com/tempesta-tech/tempesta/issues/1986"
},
{
"url": "https://blog.vespa.ai/cve-2023-44487/"
},
{
"url": "https://github.com/etcd-io/etcd/issues/16740"
},
{
"url": "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event"
},
{
"url": "https://istio.io/latest/news/security/istio-security-2023-004/"
},
{
"url": "https://github.com/junkurihara/rust-rpxy/issues/97"
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1216123"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"url": "https://ubuntu.com/security/CVE-2023-44487"
},
{
"url": "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125"
},
{
"url": "https://github.com/advisories/GHSA-qppj-fm5r-hxr3"
},
{
"url": "https://github.com/apache/httpd-site/pull/10"
},
{
"url": "https://github.com/projectcontour/contour/pull/5826"
},
{
"url": "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632"
},
{
"url": "https://github.com/line/armeria/pull/5232"
},
{
"url": "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/"
},
{
"url": "https://security.paloaltonetworks.com/CVE-2023-44487"
},
{
"url": "https://github.com/akka/akka-http/issues/4323"
},
{
"url": "https://github.com/openresty/openresty/issues/930"
},
{
"url": "https://github.com/apache/apisix/issues/10320"
},
{
"url": "https://github.com/Azure/AKS/issues/3947"
},
{
"url": "https://github.com/Kong/kong/discussions/11741"
},
{
"url": "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487"
},
{
"url": "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/"
},
{
"url": "https://github.com/caddyserver/caddy/releases/tag/v2.7.5"
},
{
"name": "[debian-lts-announce] 20231013 [SECURITY] [DLA 3617-1] tomcat9 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html"
},
{
"name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/13/4"
},
{
"name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/13/9"
},
{
"url": "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/"
},
{
"url": "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html"
},
{
"name": "FEDORA-2023-ed2642fd58",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/"
},
{
"url": "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/"
},
{
"name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3621-1] nghttp2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231016-0001/"
},
{
"name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3617-2] tomcat9 regression update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html"
},
{
"name": "[oss-security] 20231018 Vulnerability in Jenkins",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/18/4"
},
{
"name": "[oss-security] 20231018 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/18/8"
},
{
"name": "[oss-security] 20231019 CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/19/6"
},
{
"name": "FEDORA-2023-54fadada12",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/"
},
{
"name": "FEDORA-2023-5ff7bf1dd8",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/"
},
{
"name": "[oss-security] 20231020 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/20/8"
},
{
"name": "FEDORA-2023-17efd3f2cd",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/"
},
{
"name": "FEDORA-2023-d5030c983c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/"
},
{
"name": "FEDORA-2023-0259c3f26f",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/"
},
{
"name": "FEDORA-2023-2a9214af5f",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/"
},
{
"name": "FEDORA-2023-e9c04d81c1",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/"
},
{
"name": "FEDORA-2023-f66fc0f62a",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/"
},
{
"name": "FEDORA-2023-4d2fd884ea",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/"
},
{
"name": "FEDORA-2023-b2c50535cb",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/"
},
{
"name": "FEDORA-2023-fe53e13b5b",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/"
},
{
"name": "FEDORA-2023-4bf641255e",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/"
},
{
"name": "[debian-lts-announce] 20231030 [SECURITY] [DLA 3641-1] jetty9 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html"
},
{
"name": "DSA-5540",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5540"
},
{
"name": "[debian-lts-announce] 20231031 [SECURITY] [DLA 3638-1] h2o security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html"
},
{
"url": "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715"
},
{
"name": "FEDORA-2023-1caffb88af",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/"
},
{
"name": "FEDORA-2023-3f70b8d406",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/"
},
{
"name": "FEDORA-2023-7b52921cae",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/"
},
{
"name": "FEDORA-2023-7934802344",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/"
},
{
"name": "FEDORA-2023-dbe64661af",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/"
},
{
"name": "FEDORA-2023-822aab0a5a",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/"
},
{
"name": "[debian-lts-announce] 20231105 [SECURITY] [DLA 3645-1] trafficserver security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html"
},
{
"name": "DSA-5549",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5549"
},
{
"name": "FEDORA-2023-c0c6a91330",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/"
},
{
"name": "FEDORA-2023-492b7be466",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/"
},
{
"name": "DSA-5558",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5558"
},
{
"name": "[debian-lts-announce] 20231119 [SECURITY] [DLA 3656-1] netty security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html"
},
{
"name": "GLSA-202311-09",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202311-09"
},
{
"name": "DSA-5570",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5570"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240426-0007/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
},
{
"url": "https://github.com/grpc/grpc/releases/tag/v1.59.2"
},
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http2-reset-d8Kf32vZ"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-44487",
"datePublished": "2023-10-10T00:00:00.000Z",
"dateReserved": "2023-09-29T00:00:00.000Z",
"dateUpdated": "2026-05-12T10:52:23.784Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"cisa_known_exploited": {
"cveID": "CVE-2023-44487",
"cwes": "[\"CWE-400\"]",
"dateAdded": "2023-10-10",
"dueDate": "2023-10-31",
"knownRansomwareCampaignUse": "Unknown",
"notes": "This vulnerability affects a common open-source component, third-party library, or protocol used by different products. For more information, please see: HTTP/2 Rapid Reset Vulnerability, CVE-2023-44487 | CISA: https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487; https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/; https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"product": "HTTP/2",
"requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
"shortDescription": "HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS).",
"vendorProject": "IETF",
"vulnerabilityName": "HTTP/2 Rapid Reset Attack Vulnerability"
},
"epss": {
"cve": "CVE-2023-44487",
"date": "2026-06-30",
"epss": "0.99999",
"percentile": "0.99996"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-44487\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2023-10-10T14:15:10.883\",\"lastModified\":\"2026-06-17T06:27:44.067\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.\"},{\"lang\":\"es\",\"value\":\"El protocolo HTTP/2 permite una denegaci\u00f3n de servicio (consumo de recursos del servidor) porque la cancelaci\u00f3n de solicitudes puede restablecer muchas transmisiones r\u00e1pidamente, como se explot\u00f3 en la naturaleza entre agosto y octubre de 2023.\"}],\"affected\":[{\"source\":\"cve@mitre.org\",\"affectedData\":[{\"vendor\":\"n/a\",\"product\":\"n/a\",\"versions\":[{\"version\":\"n/a\",\"status\":\"affected\"}]}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"affectedData\":[{\"vendor\":\"ietf\",\"product\":\"http\",\"defaultStatus\":\"unknown\",\"cpes\":[\"cpe:2.3:a:ietf:http:2.0:*:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"2.0\",\"status\":\"affected\"}]}]},{\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\",\"affectedData\":[{\"vendor\":\"Siemens\",\"product\":\"RUGGEDCOM APE1808\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"*\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"V3.1.5\",\"lessThan\":\"*\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"V3.1.5\",\"lessThan\":\"*\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"V3.1.5\",\"lessThan\":\"*\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"V3.1.5\",\"lessThan\":\"*\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"SINEC NMS\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"V3.0\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"SIPLUS S7-1500 CPU 1518-4 PN/DP MFP\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"V3.1.5\",\"lessThan\":\"*\",\"versionType\":\"custom\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2024-07-23T20:34:21.334116Z\",\"id\":\"CVE-2023-44487\",\"options\":[{\"exploitation\":\"active\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"cisaExploitAdd\":\"2023-10-10\",\"cisaActionDue\":\"2023-10-31\",\"cisaRequiredAction\":\"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"HTTP/2 Rapid Reset Attack Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518f-4_pn\\\\/dp_mfp_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.1.5\",\"matchCriteriaId\":\"2A7548B8-3DF7-46D9-8A4F-87C38969D900\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518f-4_pn\\\\/dp_mfp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B1EE93D-BAD2-4B86-910C-8784FCC9F398\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.0\",\"matchCriteriaId\":\"C89891C1-DFD7-4E1F-80A9-7485D86A15B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"4664B195-AF14-4834-82B3-0B2C98020EB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"75BC588E-CDF0-404E-AD61-02093A1DF343\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:sinec_ins:1.0:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"A334F7B4-7283-4453-BAED-D2E01B7F8A6E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:sinec_ins:1.0:sp2_update_1:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6BEA71C-CA81-4B5D-A688-2B21E62DC351\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:sinec_ins:1.0:sp2_update_2:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B405F22-5517-49F5-A7CA-1E50D58DFC75\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.0\",\"matchCriteriaId\":\"AE06B8AF-B36C-4743-A056-30712163F75B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:st7_scadaconnect:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.1\",\"matchCriteriaId\":\"BCBD17AE-C1AE-4ECF-A991-0FFBDD06D687\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:ruggedcom_ape1808_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"37FDCA69-9049-40B4-88AF-F476901022B6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_ape1808:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B89A6863-B602-4404-8D26-337FECABFFF0\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518-4_pn\\\\/dp_mfp_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.1.5\",\"matchCriteriaId\":\"99E36624-A573-47D9-B158-B18A8A822FBA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518-4_pn\\\\/dp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"40F38253-92F5-4A3A-AA07-292F7542D8A6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:siplus_s7-1500_cpu_1518-4_pn\\\\/dp_mfp_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.1.5\",\"matchCriteriaId\":\"19F1C257-0EE6-47DE-B4BE-169F801FFDD8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:siplus_s7-1500_cpu_1518-4_pn\\\\/dp_mfp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2F63E0A-126D-4A93-8159-45EB5E606F81\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ietf:http:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5200E35-222B-42E0-83E0-5B702684D992\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nghttp2:nghttp2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.57.0\",\"matchCriteriaId\":\"C3BDC297-F023-4E87-8518-B84CCF9DD6A8\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.1.100\",\"matchCriteriaId\":\"D12D5257-7ED2-400F-9EF7-40E0D3650C2B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:envoyproxy:envoy:1.24.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B058776-B5B7-4079-B0AF-23F40926DCEC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:envoyproxy:envoy:1.25.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D565975-EFD9-467C-B6E3-1866A4EF17A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:envoyproxy:envoy:1.26.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D487271-1B5E-4F16-B0CB-A7B8908935C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:envoyproxy:envoy:1.27.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA6ED627-EFB3-4BDD-8ECC-C5947A1470B2\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.4.53\",\"matchCriteriaId\":\"A4A6F189-6C43-462D-85C9-B0EBDA8A4683\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.0.0\",\"versionEndExcluding\":\"10.0.17\",\"matchCriteriaId\":\"C993C920-85C0-4181-A95E-5D965A670738\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0.0\",\"versionEndExcluding\":\"11.0.17\",\"matchCriteriaId\":\"08E79A8E-E12C-498F-AF4F-1AAA7135661E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.0.0\",\"versionEndExcluding\":\"12.0.2\",\"matchCriteriaId\":\"F138D800-9A3B-4C76-8A3C-4793083A1517\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.7.5\",\"matchCriteriaId\":\"6341DDDA-AD27-4087-9D59-0A212F0037B4\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.20.10\",\"matchCriteriaId\":\"328120E4-C031-44B4-9BE5-03B0CDAA066F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.21.0\",\"versionEndExcluding\":\"1.21.3\",\"matchCriteriaId\":\"5FD9AB15-E5F6-4DBC-9EC7-D0ABA705802A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:http2:*:*:*:*:*:go:*:*\",\"versionEndExcluding\":\"0.17.0\",\"matchCriteriaId\":\"D7D2F801-6F65-4705-BCB9-D057EA54A707\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:networking:*:*:*:*:*:go:*:*\",\"versionEndExcluding\":\"0.17.0\",\"matchCriteriaId\":\"801F25DA-F38C-4452-8E90-235A3B1A5FF0\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"D93F04AD-DF14-48AB-9F13-8B2E491CF42E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"7522C760-7E07-406F-BF50-5656D5723C4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"3A7F605E-EB10-40FB-98D6-7E3A95E310BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"783E62F2-F867-48F1-B123-D1227C970674\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A8D90B7-A1AF-4EFB-B688-1563D81E5C6D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"6603ED6A-3366-4572-AFCD-B3D4B1EC7606\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"88978E38-81D3-4EFE-8525-A300B101FA69\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"0510296F-92D7-4388-AE3A-0D9799C2FC4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"D7698D6C-B1F7-43C1-BBA6-88E956356B3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A1CC91B-6920-4AF0-9EDD-DD3189E78F4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"05E452AA-A520-4CBE-8767-147772B69194\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"596FC5D5-7329-4E39-841E-CAE937C02219\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"B3C7A168-F370-441E-8790-73014BCEC39F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"CF16FD01-7704-40AB-ACB2-80A883804D22\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1769D69A-CB59-46B1-89B3-FB97DC6DEB9B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"9167FEC1-2C37-4946-9657-B4E69301FB24\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"7B4B3442-E0C0-48CD-87AD-060E15C9801E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"8FA85EC1-D91A-49DD-949B-2AF7AC813CA5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"20662BB0-4C3D-4CF0-B068-3555C65DD06C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"59203EBF-C52A-45A1-B8DF-00E17E3EFB51\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"7EC2324D-EC8B-41DF-88A7-819E53AAD0FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"9B88F9D1-B54B-40C7-A18A-26C4A071D7EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"C8F39403-C259-4D6F-9E9A-53671017EEDB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"220F2D38-FA82-45EF-B957-7678C9FEDBC1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C698C1C-A3DD-46E2-B05A-12F2604E7F85\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"922AA845-530A-4B4B-9976-4CBC30C8A324\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"F938EB43-8373-47EB-B269-C6DF058A9244\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"1771493E-ACAA-477F-8AB4-25DB12F6AD6E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"5E86F3D5-65A4-48CE-A6A2-736BBB88E3F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"87670A74-34FE-45DF-A725-25B804C845B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"C7E422F6-C4C2-43AC-B137-0997B5739030\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"CC3F710F-DBCB-4976-9719-CF063DA22377\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"4B9B76A1-7C5A-453F-A4ED-F1A81BCEBEB5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"88EDFCD9-775C-48FA-9CDA-2B04DA8D0612\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"67DB21AE-DF53-442D-B492-C4ED9A20B105\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"4C9FCBCB-9CE0-49E7-85C8-69E71D211912\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"112DFA85-90AD-478D-BD70-8C7C0C074F1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"DB704A1C-D8B7-48BB-A15A-C14DB591FE4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"21D51D9F-2840-4DEA-A007-D20111A1745C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_carrier-grade_nat:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BC1D037-74D2-4F92-89AD-C90F6CBF440B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"CAEF3EA4-7D5A-4B44-9CE3-258AEC745866\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"2FBCE2D1-9D93-415D-AB2C-2060307C305A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"8070B469-8CC4-4D2F-97D7-12D0ABB963C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"A326597E-725D-45DE-BEF7-2ED92137B253\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B235A78-649B-46C5-B24B-AB485A884654\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"08B25AAB-A98C-4F89-9131-29E3A8C0ED23\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"ED9B976A-D3AD-4445-BF8A-067C3EBDFBB0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"98D2CE1E-DED0-470A-AA78-C78EF769C38E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"C966FABA-7199-4F0D-AB8C-4590FE9D2FFF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"84D00768-E71B-4FF7-A7BF-F2C8CFBC900D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"E3D2ABA3-D4A9-4267-B0DF-7C3BBEEAEB66\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"BC36311E-BB00-4750-85C8-51F5A2604F07\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"A65D357E-4B40-42EC-9AAA-2B6CEF78C401\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"D7EF9865-FE65-4DFB-BF21-62FBCE65FF1C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_fraud_protection_service:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ABBD10E8-6054-408F-9687-B9BF6375CA09\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"E6018B01-048C-43BB-A78D-66910ED60CA9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"3A6A5686-5A8B-45D5-9165-BC99D2CCAC47\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"5D2A121F-5BD2-4263-8ED3-1DDE25B5C306\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"0A4F7BAD-3EDD-4DE0-AAB7-DE5ACA34DD79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83794B04-87E2-4CA9-81F5-BB820D0F5395\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"D9EC2237-117F-43BD-ADEC-516CF72E04EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"F70D4B6F-65CF-48F4-9A07-072DFBCE53D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"29563719-1AF2-4BB8-8CCA-A0869F87795D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"D24815DD-579A-46D1-B9F2-3BB2C56BC54D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A6E7035-3299-474F-8F67-945EA9A059D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"0360F76D-E75E-4B05-A294-B47012323ED9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"7A4607BF-41AC-4E84-A110-74E085FF0445\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"441CC945-7CA3-49C0-AE10-94725301E31D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"46BA8E8A-6ED5-4FB2-8BBC-586AA031085A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56FB92F7-FF1E-425D-A5AB-9D9FB0BB9450\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_next:20.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"969C4F14-F6D6-46D6-B348-FC1463877680\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_next_service_proxy_for_kubernetes:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.5.0\",\"versionEndIncluding\":\"1.8.2\",\"matchCriteriaId\":\"41AD5040-1250-45F5-AB63-63F333D49BCC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"8257AA59-C14D-4EC1-B22C-DFBB92CBC297\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"37DB32BB-F4BA-4FB5-94B1-55C3F06749CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"FFF5007E-761C-4697-8D34-C064DF0ABE8D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"910441D3-90EF-4375-B007-D51120A60AB2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"667EB77B-DA13-4BA4-9371-EE3F3A109F38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"8A6F9699-A485-4614-8F38-5A556D31617E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"5A90F547-97A2-41EC-9FDF-25F869F0FA38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"E76E1B82-F1DC-4366-B388-DBDF16C586A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"660137F4-15A1-42D1-BBAC-99A1D5BB398B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ssl_orchestrator:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C446827A-1F71-4FAD-9422-580642D26AD1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"1932D32D-0E4B-4BBD-816F-6D47AB2E2F04\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"D47B7691-A95B-45C0-BAB4-27E047F3C379\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"2CD1637D-0E42-4928-867A-BA0FDB6E8462\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"3A599F90-F66B-4DF0-AD7D-D234F328BD59\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D1B2000-C3FE-4B4C-885A-A5076EB164E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"5326759A-AFB0-4A15-B4E9-3C9A2E5DB32A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"57D92D05-C67D-437E-88F3-DCC3F6B0ED2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"ECCB8C30-861E-4E48-A5F5-30EE523C1FB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"F5FEAD2A-3A58-432E-BEBB-6E3FDE24395F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_websafe:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8AB23AE6-245E-43D6-B832-933F8259F937\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.9.5\",\"versionEndIncluding\":\"1.25.2\",\"matchCriteriaId\":\"1188B4A9-2684-413C-83D1-E91C75AE0FCF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0.0\",\"versionEndIncluding\":\"2.4.2\",\"matchCriteriaId\":\"3337609D-5291-4A52-BC6A-6A8D4E60EB20\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.0\",\"versionEndIncluding\":\"3.3.0\",\"matchCriteriaId\":\"6CF0ABD9-EB28-4966-8C31-EED7AFBF1527\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"r25\",\"versionEndExcluding\":\"r29\",\"matchCriteriaId\":\"F291CB34-47A4-425A-A200-087CC295AEC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx_plus:r29:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"5892B558-EC3A-43FF-A1D5-B2D9F70796F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx_plus:r30:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"96BF2B19-52C7-4051-BA58-CAE6F912B72F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.5.0\",\"versionEndIncluding\":\"8.5.93\",\"matchCriteriaId\":\"ABD26B48-CC80-4FAE-BD3D-78DE4C80C92B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0.0\",\"versionEndIncluding\":\"9.0.80\",\"matchCriteriaId\":\"F3EC20B6-B2AB-41F5-9BF9-D16C1FE67C34\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.1.0\",\"versionEndIncluding\":\"10.1.13\",\"matchCriteriaId\":\"0765CC3D-AB1A-4147-8900-EF4C105321F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1AA7FF6-E8E7-4BF6-983E-0A99B0183008\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone10:*:*:*:*:*:*\",\"matchCriteriaId\":\"57088BDD-A136-45EF-A8A1-2EBF79CEC2CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone11:*:*:*:*:*:*\",\"matchCriteriaId\":\"B32D1D7A-A04F-444E-8F45-BB9A9E4B0199\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:*\",\"matchCriteriaId\":\"2AAD52CE-94F5-4F98-A027-9A7E68818CB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1F981F5-035A-4EDD-8A9F-481EE8BC7FF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:*\",\"matchCriteriaId\":\"03A171AF-2EC8-4422-912C-547CDB58CAAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:*\",\"matchCriteriaId\":\"538E68C4-0BA4-495F-AEF8-4EF6EE7963CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone6:*:*:*:*:*:*\",\"matchCriteriaId\":\"49350A6E-5E1D-45B2-A874-3B8601B3ADCC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone7:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F50942F-DF54-46C0-8371-9A476DD3EEA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone8:*:*:*:*:*:*\",\"matchCriteriaId\":\"D12C2C95-B79F-4AA4-8CE3-99A3EE7991AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone9:*:*:*:*:*:*\",\"matchCriteriaId\":\"98792138-DD56-42DF-9612-3BDC65EEC117\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:swiftnio_http\\\\/2:*:*:*:*:*:swift:*:*\",\"versionEndExcluding\":\"1.28.0\",\"matchCriteriaId\":\"08190072-3880-4EF5-B642-BA053090D95B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:*\",\"versionEndExcluding\":\"1.56.3\",\"matchCriteriaId\":\"5F4CDEA9-CB47-4881-B096-DA896E2364F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:grpc:grpc:*:*:*:*:*:-:*:*\",\"versionEndIncluding\":\"1.59.2\",\"matchCriteriaId\":\"E65AF7BC-7DAE-408A-8485-FBED22815F75\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:*\",\"versionStartIncluding\":\"1.58.0\",\"versionEndExcluding\":\"1.58.3\",\"matchCriteriaId\":\"DD868DDF-C889-4F36-B5E6-68B6D9EA48CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:grpc:grpc:1.57.0:-:*:*:*:go:*:*\",\"matchCriteriaId\":\"FBD991E2-DB5A-4AAD-95BA-4B5ACB811C96\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndExcluding\":\"6.0.23\",\"matchCriteriaId\":\"4496821E-BD55-4F31-AD9C-A3D66CBBD6BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0.0\",\"versionEndExcluding\":\"7.0.12\",\"matchCriteriaId\":\"8DF7ECF6-178D-433C-AA21-BAE9EF248F37\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndExcluding\":\"6.0.23\",\"matchCriteriaId\":\"1C3418F4-B8BF-4666-BB39-C188AB01F45C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0.0\",\"versionEndExcluding\":\"7.0.12\",\"matchCriteriaId\":\"1278DD1C-EFA9-4316-AD32-24C1B1FB0CEA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:azure_kubernetes_service:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2023-10-08\",\"matchCriteriaId\":\"3BDFB0FF-0F4A-4B7B-94E8-ED72A8106314\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.0\",\"versionEndExcluding\":\"17.2.20\",\"matchCriteriaId\":\"16A8F269-E07E-402F-BFD5-60F3988A5EAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.4\",\"versionEndExcluding\":\"17.4.12\",\"matchCriteriaId\":\"C4B2B972-69E2-4D21-9A7C-B2AFF1D89EB8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.6\",\"versionEndExcluding\":\"17.6.8\",\"matchCriteriaId\":\"DA5834D4-F52F-41C0-AA11-C974FFEEA063\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.7\",\"versionEndExcluding\":\"17.7.5\",\"matchCriteriaId\":\"2166106F-ACD6-4C7B-B0CC-977B83CC5F73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*\",\"versionEndExcluding\":\"10.0.14393.6351\",\"matchCriteriaId\":\"4CD49C41-6D90-47D3-AB4F-4A74169D3A8F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*\",\"versionEndExcluding\":\"10.0.14393.6351\",\"matchCriteriaId\":\"BAEFEE13-9CD7-46A2-8AF6-0A33C79C05F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.17763.4974\",\"matchCriteriaId\":\"E500D59C-6597-45E9-A57B-BE26C0C231D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.19044.3570\",\"matchCriteriaId\":\"C9F9A643-90C6-489C-98A0-D2739CE72F86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.19045.3570\",\"matchCriteriaId\":\"1814619C-ED07-49E0-A50A-E28D824D43BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.22000.2538\",\"matchCriteriaId\":\"100A27D3-87B0-4E72-83F6-7605E3F35E63\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.22621.2428\",\"matchCriteriaId\":\"C6A36795-0238-45C9-ABE6-3DCCF751915B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB79EE26-FC32-417D-A49C-A1A63165A968\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"821614DD-37DD-44E2-A8A4-FE8D23A33C3C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"18.0.0\",\"versionEndExcluding\":\"18.18.2\",\"matchCriteriaId\":\"94BAB9EB-1527-4D9A-BADE-0708579536CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"20.0.0\",\"versionEndExcluding\":\"20.8.1\",\"matchCriteriaId\":\"69843DE4-4721-4F0A-A9B7-0F6DF5AAA388\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:cbl-mariner:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2023-10-11\",\"matchCriteriaId\":\"B25279EF-C406-4133-99ED-0492703E0A4E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dena:h2o:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2023-10-10\",\"matchCriteriaId\":\"9FFFF84B-F35C-43DE-959A-A5D10C3AE9F5\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:facebook:proxygen:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2023.10.16.00\",\"matchCriteriaId\":\"9DCE8C89-7C22-48CA-AF22-B34C8AA2CB8C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:apisix:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.6.1\",\"matchCriteriaId\":\"EDEB508E-0EBD-4450-9074-983DDF568AB4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndExcluding\":\"8.1.9\",\"matchCriteriaId\":\"93A1A748-6C71-4191-8A16-A93E94E2CDE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0.0\",\"versionEndExcluding\":\"9.2.3\",\"matchCriteriaId\":\"4E4BCAF6-B246-41EC-9EE1-24296BFC4F5A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:amazon:opensearch_data_prepper:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.5.0\",\"matchCriteriaId\":\"6F70360D-6214-46BA-AF82-6AB01E13E4E9\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46D69DCC-AE4D-4EA5-861C-D60951444C6C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kazu-yamamoto:http2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.2.2\",\"matchCriteriaId\":\"E2DA759E-1AF8-49D3-A3FC-1B426C13CA82\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.17.6\",\"matchCriteriaId\":\"28BE6F7B-AE66-4C8A-AAFA-F1262671E9BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.18.0\",\"versionEndExcluding\":\"1.18.3\",\"matchCriteriaId\":\"F0C8E760-C8D2-483A-BBD4-6A6D292A3874\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.19.0\",\"versionEndExcluding\":\"1.19.1\",\"matchCriteriaId\":\"5D0F78BB-6A05-4C97-A8DB-E731B6CC8CC7\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:varnish_cache_project:varnish_cache:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2023-10-10\",\"matchCriteriaId\":\"050AE218-3871-44D6-94DA-12D84C2093CB\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.10.5\",\"matchCriteriaId\":\"B36BFFB0-C0EC-4926-A1DB-0B711C846A68\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:traefik:traefik:3.0.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"376EAF9B-E994-4268-9704-0A45EA30270F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:traefik:traefik:3.0.0:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3D08335-C291-4623-B80C-3B14C4D1FA32\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:traefik:traefik:3.0.0:beta3:*:*:*:*:*:*\",\"matchCriteriaId\":\"21033CEE-CEF5-4B0D-A565-4A6FC764AA6D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:projectcontour:contour:*:*:*:*:*:kubernetes:*:*\",\"versionEndExcluding\":\"2023-10-11\",\"matchCriteriaId\":\"FC4C66B1-42C0-495D-AE63-2889DE0BED84\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linkerd:linkerd:*:*:*:*:stable:kubernetes:*:*\",\"versionStartIncluding\":\"2.12.0\",\"versionEndIncluding\":\"2.12.5\",\"matchCriteriaId\":\"8633E263-F066-4DD8-A734-90207207A873\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linkerd:linkerd:2.13.0:*:*:*:stable:kubernetes:*:*\",\"matchCriteriaId\":\"34A23BD9-A0F4-4D85-8011-EAC93C29B4E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linkerd:linkerd:2.13.1:*:*:*:stable:kubernetes:*:*\",\"matchCriteriaId\":\"27ED3533-A795-422F-B923-68BE071DC00D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linkerd:linkerd:2.14.0:*:*:*:stable:kubernetes:*:*\",\"matchCriteriaId\":\"45F7E352-3208-4188-A5B1-906E00DF9896\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linkerd:linkerd:2.14.1:*:*:*:stable:kubernetes:*:*\",\"matchCriteriaId\":\"DF89A8AD-66FE-439A-B732-CAAB304D765B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linecorp:armeria:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.26.0\",\"matchCriteriaId\":\"A400C637-AF18-4BEE-B57C-145261B65DEC\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:3scale_api_management_platform:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"653A5B08-0D02-4362-A8B1-D00B24C6C6F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:advanced_cluster_management_for_kubernetes:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B0E6B4B-BAA6-474E-A18C-72C9719CEC1F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:advanced_cluster_security:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0FD736A-8730-446A-BA3A-7B608DB62B0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:advanced_cluster_security:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4C504B6-3902-46E2-82B7-48AEC9CDD48D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:ansible_automation_platform:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B4BE2D6-43C3-4065-A213-5DB1325DC78F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:build_of_optaplanner:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D54F5AE-61EC-4434-9D5F-9394A3979894\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:build_of_quarkus:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE29B9D6-63DC-4779-ACE8-4E51E6A0AF37\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:ceph_storage:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E37E1B3-6F68-4502-85D6-68333643BDFF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:cert-manager_operator_for_red_hat_openshift:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D5A7736-A403-4617-8790-18E46CB74DA6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:certification_for_red_hat_enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33F13B03-69BF-4A8B-A0A0-7F47FD857461\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:certification_for_red_hat_enterprise_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9393119E-F018-463F-9548-60436F104195\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:cost_management:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC45EE1E-2365-42D4-9D55-92FA24E5ED3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:cryostat:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E567CD9F-5A43-4D25-B911-B5D0440698F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:decision_manager:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"68146098-58F8-417E-B165-5182527117C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:fence_agents_remediation_operator:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB4D6790-63E5-4043-B8BE-B489D649061D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:integration_camel_for_spring_boot:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"78698F40-0777-4990-822D-02E1B5D0E2C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B87C8AD3-8878-4546-86C2-BF411876648C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:integration_service_registry:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF03BDE8-602D-4DEE-BA5B-5B20FDF47741\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_a-mq:7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A58966CB-36AF-4E64-AB39-BE3A0753E155\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_a-mq_streams:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"585BC540-073B-425B-B664-5EA4C00AFED6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B453CF7-9AA6-4B94-A003-BF7AE0B82F53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_data_grid:7.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD354E32-A8B0-484C-B4C6-9FBCD3430D2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B142ACCC-F7A9-4A3B-BE60-0D6691D5058D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"72A54BDA-311C-413B-8E4D-388AD65A170A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_fuse:6.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A305F012-544E-4245-9D69-1C8CD37748B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B40CCE4F-EA2C-453D-BB76-6388767E5C6D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:logging_subsystem_for_red_hat_openshift:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF93A27E-AA2B-4C2E-9B8D-FE7267847326\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:machine_deletion_remediation_operator:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B12A3A8-6456-481A-A0C9-524543FCC149\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:migration_toolkit_for_applications:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C2E7E3C-A507-4AB2-97E5-4944D8775CF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:migration_toolkit_for_containers:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E22EBF9-AA0D-4712-9D69-DD97679CE835\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:migration_toolkit_for_virtualization:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"941B114C-FBD7-42FF-B1D8-4EA30E99102C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:network_observability_operator:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"339CFB34-A795-49F9-BF6D-A00F3A1A4F63\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:node_healthcheck_operator:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D044DBE-6F5A-4C53-828E-7B1A570CACFF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:node_maintenance_operator:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E23FA47F-B967-44AD-AB76-1BB2CAD3CA5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift:-:*:*:*:*:aws:*:*\",\"matchCriteriaId\":\"65203CA1-5225-4E55-A187-6454C091F532\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_api_for_data_protection:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BF8EFFB-5686-4F28-A68F-1A8854E098CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"932D137F-528B-4526-9A89-CD59FA1AB0FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform_assisted_installer:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5DA9B2E2-958B-478D-87D6-E5CDDCD44315\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_data_science:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3F5FF1E-5DA3-4EC3-B41A-A362BDFC4C69\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_dev_spaces:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99B8A88B-0B31-4CFF-AFD7-C9D3DDD5790D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_developer_tools_and_services:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97321212-0E07-4CC2-A917-7B5F61AB9A5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_distributed_tracing:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF390236-3259-4C8F-891C-62ACC4386CD1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_gitops:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0AAA300-691A-4957-8B69-F6888CC971B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_pipelines:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45937289-2D64-47CB-A750-5B4F0D4664A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_sandboxed_containers:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B129311C-EB4B-4041-B85C-44D5E53FCAA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_secondary_scheduler_operator:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1AB54DB-3FB4-41CB-88ED-1400FD22AB85\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_serverless:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77675CB7-67D7-44E9-B7FF-D224B3341AA5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_service_mesh:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A76A2BCE-4AAE-46D7-93D6-2EDE0FC83145\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_virtualization:4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C877879-B84B-471C-80CF-0656521CA8AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCC81071-B46D-4F5D-AC25-B4A4CCC20C73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B3000D2-35DF-4A93-9FC0-1AD3AB8349B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openstack_platform:17.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E315FC5C-FF19-43C9-A58A-CF2A5FF13824\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"20A6B40D-F991-4712-8E30-5FE008505CB7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1987BDA-0113-4603-B9BE-76647EB043F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:run_once_duration_override_operator:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D482A3D2-6E9B-42BA-9926-35E5BDD5F3BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"848C92A9-0677-442B-8D52-A448F2019903\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:self_node_remediation_operator:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F564701-EDC1-43CF-BB9F-287D6992C6CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:service_interconnect:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"12B0CF2B-D1E1-4E20-846E-6F0D873499A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EFEC7CA-8DDA-48A6-A7B6-1F1D14792890\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:support_for_spring_boot:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8885C2C-7FB8-40CA-BCB9-B48C50BF2499\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:web_terminal:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D88B140-D2A1-4A0A-A2E9-1A3B50C295AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F6FB57C-2BC7-487C-96DD-132683AEB35D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:service_telemetry_framework:1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A903C3AD-2D25-45B5-BF4A-A5BEB2286627\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E30D0E6F-4AE8-4284-8716-991DFA48CC5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:astra_control_center:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC5EBD2A-32A3-46D5-B155-B44DCB7F6902\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1BE6C1F-2565-4E97-92AA-16563E5660A5\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:akka:http_server:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.5.3\",\"matchCriteriaId\":\"C2792650-851F-4820-B003-06A4BEA092D7\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:konghq:kong_gateway:*:*:*:*:enterprise:*:*:*\",\"versionEndExcluding\":\"3.4.2\",\"matchCriteriaId\":\"9F6B63B9-F4C9-4A3F-9310-E0918E1070D1\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*\",\"versionEndIncluding\":\"2.414.2\",\"matchCriteriaId\":\"E6FF5F80-A991-43D4-B49F-D843E2BC5798\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*\",\"versionEndIncluding\":\"2.427\",\"matchCriteriaId\":\"54D25DA9-12D0-4F14-83E6-C69D0293AAB9\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.4.0\",\"matchCriteriaId\":\"8E1AFFB9-C717-4727-B0C9-5A0C281710E2\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openresty:openresty:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.21.4.3\",\"matchCriteriaId\":\"25C85001-E0AB-4B01-8EE7-1D9C77CD956E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:business_process_automation:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.2.003.009\",\"matchCriteriaId\":\"FB2BDBAC-8D19-4F81-8D31-6D0955A53D82\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:connected_mobile_experiences:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.1\",\"matchCriteriaId\":\"F98F9D27-6659-413F-8F29-4FDB0882AAC5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:crosswork_data_gateway:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.1.3\",\"matchCriteriaId\":\"C98BF315-C563-47C2-BAD1-63347A3D1008\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:crosswork_data_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.0.0\",\"versionEndExcluding\":\"5.0.2\",\"matchCriteriaId\":\"3F30E209-FA52-4D3B-9B88-4193EA388554\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:crosswork_situation_manager:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3178F3A5-A072-44E1-A225-B04BC536F4FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:crosswork_zero_touch_provisioning:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.0.0\",\"matchCriteriaId\":\"AA2BE0F1-DD16-4876-8EBA-F187BD38B159\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:data_center_network_manager:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"796B6C58-2140-4105-A2A1-69865A194A75\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:enterprise_chat_and_email:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEA99DC6-EA03-469F-A8BE-7F96FDF0B333\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:expressway:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"x14.3.3\",\"matchCriteriaId\":\"6560DBF4-AFE6-4672-95DE-74A0B8F4170A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.4.2\",\"matchCriteriaId\":\"84785919-796D-41E5-B652-6B5765C81D4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:iot_field_network_director:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.11.0\",\"matchCriteriaId\":\"92A74A1A-C69F-41E6-86D0-D6BB1C5D0A1E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:prime_access_registrar:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.3.3\",\"matchCriteriaId\":\"6FE7BA33-2AC0-4A85-97AD-6D77F20BA2AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:prime_cable_provisioning:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.2.1\",\"matchCriteriaId\":\"4FE2F959-1084-48D1-B1F1-8182FC9862DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.10.4\",\"matchCriteriaId\":\"5CC17E6B-D7AB-40D7-AEC5-F5B555AC4D7F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:prime_network_registrar:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.2\",\"matchCriteriaId\":\"1BB6B48E-EA36-40A0-96D0-AF909BEC1147\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_dynamic_attributes_connector:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.2.0\",\"matchCriteriaId\":\"2CBED844-7F94-498C-836D-8593381A9657\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_malware_analytics:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.19.2\",\"matchCriteriaId\":\"C170DBA1-0899-4ECC-9A0D-8FEB1DA1B510\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"x14.3.3\",\"matchCriteriaId\":\"358FA1DC-63D3-49F6-AC07-9E277DD0D9DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:ultra_cloud_core_-_policy_control_function:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2024.01.0\",\"matchCriteriaId\":\"BFF2D182-7599-4B81-B56B-F44EDA1384C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:ultra_cloud_core_-_policy_control_function:2024.01.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4868BCCA-24DE-4F24-A8AF-B3A545C0396E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:ultra_cloud_core_-_serving_gateway_function:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2024.02.0\",\"matchCriteriaId\":\"194F7A1F-FD43-4FF7-9AE2-C13AA5567E8A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:ultra_cloud_core_-_session_management_function:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2024.02.0\",\"matchCriteriaId\":\"BEC75F99-C7F0-47EB-9032-C9D3A42EBA20\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_attendant_console_advanced:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6638F4E-16F7-447D-B755-52640BCB1C61\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_domain_manager:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC34F742-530E-4AB4-8AFC-D1E088E256B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_enterprise:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D31CC0E9-8E21-436B-AB84-EA1B1BC60DCD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_enterprise_-_live_data_server:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12.6.2\",\"matchCriteriaId\":\"E22AD683-345B-4E16-BB9E-E9B1783E09AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_management_portal:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5C0D694-9E24-4782-B35F-D7C3E3B0F2ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:fog_director:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.22\",\"matchCriteriaId\":\"2955BEE9-F567-4006-B96D-92E10FF84DB4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"17.15.1\",\"matchCriteriaId\":\"67502878-DB20-4410-ABA0-A1C5705064CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.11.2\",\"matchCriteriaId\":\"177DED2D-8089-4494-BDD9-7F84FC06CD5B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:secure_web_appliance_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"15.1.0\",\"matchCriteriaId\":\"54A29FD3-4128-4333-8445-A7DD04A6ECF6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:secure_web_appliance:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"67074526-9933-46B3-9FE3-A0BE73C5E8A7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.2\\\\(7\\\\)\",\"matchCriteriaId\":\"EEB32D2E-AD9D-44A0-AEF7-689F7D2605C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.3\\\\(1\\\\)\",\"versionEndExcluding\":\"10.3\\\\(5\\\\)\",\"matchCriteriaId\":\"0A236A0A-6956-4D79-B8E5-B2D0C79FAE88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.4\\\\(1\\\\)\",\"versionEndExcluding\":\"10.4\\\\(2\\\\)\",\"matchCriteriaId\":\"BE71D34C-227A-4789-BA4D-79E5FDE311DB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3016:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"528ED62B-D739-4E06-AC64-B506FD73BBAB\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3016q:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D402AB0-BCFB-4F42-8C50-5DC930AEEC8B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3048:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC2A6C31-438A-4CF5-A3F3-364B1672EB7D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3064:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"76C10D85-88AC-4A79-8866-BED88A0F8DF8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3064-32t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09AC2BAD-F536-48D0-A2F0-D4E290519EB6\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3064-t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"65CB7F6D-A82B-4A31-BFAC-FF4A4B8DF9C1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3064-x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ECC4FFCC-E886-49BC-9737-5B5BA2AAB14B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3064t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F4E8EE4-031D-47D3-A12E-EE5F792172EE\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3064x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"00CDD8C3-67D5-4E9F-9D48-A77B55DB0AB1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"41C14CC9-C244-4B86-AEA6-C50BAD5DA9A6\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3100-v:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8FF2EC4-0C09-4C00-9956-A2A4A894F63D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3100-z:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D14D4B4E-120E-4607-A4F1-447C7BF3052E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3100v:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"15702ACB-29F3-412D-8805-E107E0729E35\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_31108pc-v:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E930332-CDDD-48D5-93BC-C22D693BBFA2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_31108pv-v:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"29B34855-D8D2-4114-80D2-A4D159C62458\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_31108tc-v:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BF4B8FE-E134-4491-B5C2-C1CFEB64731B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_31128pq:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4226DA0-9371-401C-8247-E6E636A116C3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3132c-z:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7664666F-BCE4-4799-AEEA-3A73E6AD33F4\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3132q:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3DBBFE9-835C-4411-8492-6006E74BAC65\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3132q-v:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3293438-3D18-45A2-B093-2C3F65783336\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3132q-x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C97C29EE-9426-4BBE-8D84-AB5FF748703D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3132q-x\\\\/3132q-xl:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E142C18F-9FB5-4D96-866A-141D7D16CAF7\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3132q-xl:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F43B770-D96C-44EA-BC12-9F39FC4317B9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3164q:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA782EB3-E8E6-4DCF-B39C-B3CBD46E4384\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3172:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7817F4E6-B2DA-4F06-95A4-AF329F594C02\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3172pq:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CED628B5-97A8-4B26-AA40-BEC854982157\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3172pq-xl:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BB9DD73-E31D-4921-A6D6-E14E04703588\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3172pq\\\\/pq-xl:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8EFC116A-627F-4E05-B631-651D161217C8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3172tq:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4532F513-0543-4960-9877-01F23CA7BA1B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3172tq-32t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B43502B-FD53-465A-B60F-6A359C6ACD99\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3172tq-xl:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3229124-B097-4AAC-8ACD-2F9C89DCC3AB\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32A532C0-B0E3-484A-B356-88970E7D0248\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3232:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C84D24C-2256-42AF-898A-221EBE9FE1E4\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3232c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"652A2849-668D-4156-88FB-C19844A59F33\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3232c_:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D008CA1C-6F5A-40EA-BB12-A9D84D5AF700\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3264c-e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24FBE87B-8A4F-43A8-98A3-4A7D9C630937\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3264q:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6ACD09AC-8B28-4ACB-967B-AB3D450BC137\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3400:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"43913A0E-50D5-47DD-94D8-DD3391633619\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3408-s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D397349-CCC6-479B-9273-FB1FFF4F34F2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_34180yc:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC7286A7-780F-4A45-940A-4AD5C9D0F201\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_34200yc-sm:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA52D5C1-13D8-4D23-B022-954CCEF491F1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3432d-s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F7AF8D7-431B-43CE-840F-CC0817D159C0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3464c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DAC204C8-1A5A-4E85-824E-DC9B8F6A802D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8E1073F-D374-4311-8F12-AD8C72FAA293\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3524:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EAF5AF71-15DF-4151-A1CF-E138A7103FC8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3524-x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10F80A72-AD54-4699-B8AE-82715F0B58E2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3524-x\\\\/xl:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E505C0B1-2119-4C6A-BF96-C282C633D169\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3524-xl:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9354B6A2-D7D6-442E-BF4C-FE8A336D9E94\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3548:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"088C0323-683A-44F5-8D42-FF6EC85D080E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3548-x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74CB4002-7636-4382-B33E-FBA060A13C34\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3548-x\\\\/xl:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"915EF8F6-6039-4DD0-B875-30D911752B74\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3548-xl:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10CEBF73-3EE0-459A-86C5-F8F6243FE27C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3600:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97217080-455C-48E4-8CE1-6D5B9485864F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_36180yc-r:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95D2C4C3-65CE-4612-A027-AF70CEFC3233\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3636c-r:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57572E4A-78D5-4D1A-938B-F05F01759612\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.2\\\\(7\\\\)\",\"matchCriteriaId\":\"EEB32D2E-AD9D-44A0-AEF7-689F7D2605C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.3\\\\(1\\\\)\",\"versionEndExcluding\":\"10.3\\\\(5\\\\)\",\"matchCriteriaId\":\"0A236A0A-6956-4D79-B8E5-B2D0C79FAE88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.4\\\\(1\\\\)\",\"versionEndExcluding\":\"10.4\\\\(2\\\\)\",\"matchCriteriaId\":\"BE71D34C-227A-4789-BA4D-79E5FDE311DB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9000v:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CD9C1F1-8582-4F67-A77D-97CBFECB88B8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"532CE4B0-A3C9-4613-AAAF-727817D06FB4\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9200yc:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24CA1A59-2681-4507-AC74-53BD481099B9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_92160yc-x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4283E433-7F8C-4410-B565-471415445811\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_92160yc_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF9147C9-5D8B-40F5-9AAA-66A3495A0AD8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9221c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FFB9FDE8-8533-4F65-BF32-4066D042B2F7\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_92300yc:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F80AB6FB-32FD-43D7-A9F1-80FA47696210\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_92300yc_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3AA5389A-8AD1-476E-983A-54DF573C30F5\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_92304qc:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5B2E4C1-2627-4B9D-8E92-4B483F647651\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_92304qc_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C1B1A8F1-45B1-4E64-A254-7191FA93CB6D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9232e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83DA8BFA-D7A2-476C-A6F5-CAE610033BC2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_92348gc-x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"557ED31C-C26A-4FAE-8B14-D06B49F7F08B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9236c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11411BFD-3F4D-4309-AB35-A3629A360FB0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9236c_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB2FFD26-8255-4351-8594-29D2AEFC06EF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9272q:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E663DE91-C86D-48DC-B771-FA72A8DF7A7C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9272q_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"61E10975-B47E-4F4D-8096-AEC7B7733612\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92E2CB2B-DA11-4CF7-9D57-3D4D48990DC0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93108tc-ex:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A90184B3-C82F-4CE5-B2AD-97D5E4690871\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93108tc-ex-24:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"40E40F42-632A-47DF-BE33-DC25B826310B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93108tc-ex_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C67B7A6-9BB2-41FC-8FA3-8D0DF67CBC68\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93108tc-fx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4AB89849-6DA4-4C9D-BC3F-EE0E41FD1901\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93108tc-fx-24:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C47F6BF9-2ADB-41A4-8D7D-8BB00141BB23\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93108tc-fx3h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16C64136-89C2-443C-AF7B-BED81D3DE25A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93108tc-fx3p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BBEF7F26-BB47-44BD-872E-130820557C23\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93120tx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07DE6F63-2C7D-415B-8C34-01EC05C062F3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93120tx_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"182000E0-8204-4D8B-B7DE-B191AFE12E28\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93128:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F309E7B9-B828-4CD2-9D2B-8966EE5B9CC1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93128tx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F423E45D-A6DD-4305-9C6A-EAB26293E53A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93128tx_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDC208BC-7E19-48C6-A20E-A79A51B7362C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9316d-gx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"102F91CD-DFB6-43D4-AE5B-DA157A696230\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93180lc-ex:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E952A96A-0F48-4357-B7DD-1127D8827650\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93180lc-ex_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"084D0191-563B-4FF0-B589-F35DA118E1C6\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93180tc-ex:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7DB6FC5-762A-4F16-AE8C-69330EFCF640\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93180yc-ex:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F70D81F1-8B12-4474-9060-B4934D8A3873\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93180yc-ex-24:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5394DE31-3863-4CA9-B7B1-E5227183100D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93180yc-ex_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"968390BC-B430-4903-B614-13104BFAE635\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93180yc-fx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7349D69B-D8FA-4462-AA28-69DD18A652D9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93180yc-fx-24:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE4BB834-2C00-4384-A78E-AF3BCDDC58AF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93180yc-fx3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0D30D52-837F-4FDA-B8E5-A9066E9C6D2F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93180yc-fx3h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6678B8A-D905-447E-BE7E-6BFB4CC5DAFE\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93180yc-fx3s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CE49B45-F2E9-491D-9C29-1B46E9CE14E2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93216tc-fx2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1CC5F78-E88B-4B82-9E3E-C73D3A49DE26\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93240tc-fx2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4BFAD21E-59EE-4CCE-8F1E-621D2EA50905\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93240yc-fx2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"91231DC6-2773-4238-8C14-A346F213B5E5\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9332c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2DF88547-BAF4-47B0-9F60-80A30297FCEB\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9332d-gx2b:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"02C3CE6D-BD54-48B1-A188-8E53DA001424\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9332d-h2r:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"498991F7-39D6-428C-8C7D-DD8DC72A0346\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9332pq:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"113772B6-E9D2-4094-9468-3F4E1A87D07D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9332pq_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7B90D36-5124-4669-8462-4EAF35B0F53D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93360yc-fx2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C45A38D6-BED6-4FEF-AD87-A1E813695DE0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9336c-fx2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1FC2B1F-232E-4754-8076-CC82F3648730\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9336c-fx2-e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CDD27C9-5EAF-4956-8AB7-740C84C9D4FC\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9336pq:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F1127D2-12C0-454F-91EF-5EE334070D06\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9336pq_aci:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D6EB963-E0F2-4A02-8765-AB2064BE19E9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9336pq_aci_spine:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"785FD17C-F32E-4042-9DDE-A89B3AAE0334\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9336pq_aci_spine_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEAAF99B-5406-4722-81FB-A91CBAC2DF41\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9348d-gx2a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"73DC1E93-561E-490C-AE0E-B02BAB9A7C8E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9348gc-fx3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"12DA2DE5-8ADA-4D6A-BC1A-9C06FA163B1C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9348gc-fxp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17C7E3DB-8E1A-47AD-B1C5-61747DC0CFB9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93600cd-gx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CF467E2-4567-426E-8F48-39669E0F514C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9364c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"63842B25-8C32-4988-BBBD-61E9CB09B4F3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9364c-gx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"68EA1FEF-B6B6-49FE-A0A4-5387F76303F8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9364d-gx2a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"40D6DB7F-C025-4971-9615-73393ED61078\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9372px:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4364ADB9-8162-451D-806A-B98924E6B2CF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9372px-e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B53BCB42-ED61-4FCF-8068-CB467631C63C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9372px-e_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"737C724A-B6CD-4FF7-96E0-EBBF645D660E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9372px_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7067AEC7-DFC8-4437-9338-C5165D9A8F36\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9372tx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49E0371B-FDE2-473C-AA59-47E1269D050F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9372tx-e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"489D11EC-5A18-4F32-BC7C-AC1FCEC27222\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9372tx-e_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"71D4CF15-B293-4403-A1A9-96AD3933BAEF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9372tx_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DBCC1515-2DBE-4DF2-8E83-29A869170F36\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9396px:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1BC5293E-F2B4-46DC-85DA-167EA323FCFD\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9396px_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7282AAFF-ED18-4992-AC12-D953C35EC328\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9396tx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA022E77-6557-4A33-9A3A-D028E2DB669A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9396tx_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"360409CC-4172-4878-A76B-EA1C1F8C7A79\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9408:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8D5D5E2-B40B-475D-9EF3-8441016E37E9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9432pq:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FDA8E1F0-74A6-4725-B6AA-A1112EFC5D0C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"63BE0266-1C00-4D6A-AD96-7F82532ABAA7\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9500_16-slot:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"73F59A4B-AE92-4533-8EDC-D1DD850309FF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9500_4-slot:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"492A2C86-DD38-466B-9965-77629A73814F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9500_8-slot:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FB7AA46-4018-4925-963E-719E1037F759\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9500_supervisor_a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31B9D1E4-10B9-4B6F-B848-D93ABF6486D6\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9500_supervisor_a\\\\+:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB270C45-756E-400A-979F-D07D750C881A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9500_supervisor_b:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E8A085C-2DBA-4269-AB01-B16019FBB4DA\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9500_supervisor_b\\\\+:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A79DD582-AF68-44F1-B640-766B46EF2BE2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9500r:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B04484DA-AA59-4833-916E-6A8C96D34F0D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9504:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"768BE390-5ED5-48A7-9E80-C4DE8BA979B1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9504_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D07B5399-44C7-468D-9D57-BB5B5E26CE50\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9508:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DDC2F709-AFBE-48EA-A3A2-DA1134534FB6\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9508_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B76FB64F-16F0-4B0B-B304-B46258D434BA\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9516:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E02DC82-0D26-436F-BA64-73C958932B0A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9516_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E128053-834B-4DD5-A517-D14B4FC2B56F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9536pq:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"163743A1-09E7-4EC5-8ECA-79E4B9CE173B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9636pq:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE340E4C-DC48-4FC8-921B-EE304DB5AE0A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9716d-gx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C367BBE0-D71F-4CB5-B50E-72B033E73FE1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9736pq:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85E1D224-4751-4233-A127-A041068C804A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9800:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD31B075-01B1-429E-83F4-B999356A0EB9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9804:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A10C9C0A-C96A-4B45-90D0-6ED457EB5F4C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9808:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3284D16F-3275-4F8D-8AE4-D413DE19C4FA\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2023/10/10/6\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/10/10/7\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/10/13/4\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/10/13/9\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/10/18/4\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/10/18/8\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/10/19/6\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/10/20/8\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/security/cve/cve-2023-44487\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Press/Media Coverage\",\"Third Party Advisory\"]},{\"url\":\"https://aws.amazon.com/security/security-bulletins/AWS-2023-011/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Technical Description\",\"Vendor Advisory\"]},{\"url\":\"https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"Vendor Advisory\"]},{\"url\":\"https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack\",\"source\":\"cve@mitre.org\",\"tags\":[\"Press/Media Coverage\",\"Third Party Advisory\"]},{\"url\":\"https://blog.vespa.ai/cve-2023-44487/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.proxmox.com/show_bug.cgi?id=4988\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2242803\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.suse.com/show_bug.cgi?id=1216123\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Technical Description\",\"Vendor Advisory\"]},{\"url\":\"https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack\",\"source\":\"cve@mitre.org\",\"tags\":[\"Technical Description\",\"Vendor Advisory\"]},{\"url\":\"https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/Azure/AKS/issues/3947\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/Kong/kong/discussions/11741\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/advisories/GHSA-qppj-fm5r-hxr3\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/advisories/GHSA-vx74-f528-fxqg\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mitigation\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/advisories/GHSA-xpw8-rcwv-8f8p\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/akka/akka-http/issues/4323\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/alibaba/tengine/issues/1872\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/apache/apisix/issues/10320\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/apache/httpd-site/pull/10\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113\",\"source\":\"cve@mitre.org\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Product\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/apache/trafficserver/pull/10564\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/bcdannyboy/CVE-2023-44487\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/caddyserver/caddy/issues/5877\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/caddyserver/caddy/releases/tag/v2.7.5\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/dotnet/announcements/issues/277\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73\",\"source\":\"cve@mitre.org\",\"tags\":[\"Product\",\"Release Notes\"]},{\"url\":\"https://github.com/eclipse/jetty.project/issues/10679\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/envoyproxy/envoy/pull/30055\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/etcd-io/etcd/issues/16740\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/facebook/proxygen/pull/466\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/golang/go/issues/63417\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/grpc/grpc-go/pull/6703\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/grpc/grpc/releases/tag/v1.59.2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://github.com/h2o/h2o/pull/3291\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/haproxy/haproxy/issues/2312\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244\",\"source\":\"cve@mitre.org\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/junkurihara/rust-rpxy/issues/97\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/kazu-yamamoto/http2/issues/93\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/kubernetes/kubernetes/pull/121120\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/line/armeria/pull/5232\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/micrictor/http2-rst-stream\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/microsoft/CBL-Mariner/pull/6381\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/nghttp2/nghttp2/pull/1961\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/ninenines/cowboy/issues/1615\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/nodejs/node/pull/50121\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/openresty/openresty/issues/930\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/opensearch-project/data-prepper/issues/3474\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/oqtane/oqtane.framework/discussions/3367\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/projectcontour/contour/pull/5826\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/tempesta-tech/tempesta/issues/1986\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/varnishcache/varnish-cache/issues/3996\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://istio.io/latest/news/security/istio-security-2023-004/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mitigation\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://my.f5.com/manage/s/article/K000137106\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://netty.io/news/2023/10/10/4-1-100-Final.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://news.ycombinator.com/item?id=37830987\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://news.ycombinator.com/item?id=37830998\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Press/Media Coverage\"]},{\"url\":\"https://news.ycombinator.com/item?id=37831062\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://news.ycombinator.com/item?id=37837043\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http2-reset-d8Kf32vZ\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202311-09\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20231016-0001/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240426-0007/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240621-0006/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240621-0007/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.paloaltonetworks.com/CVE-2023-44487\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://ubuntu.com/security/CVE-2023-44487\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event\",\"source\":\"cve@mitre.org\",\"tags\":[\"Press/Media Coverage\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5521\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5522\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5540\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5549\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5558\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5570\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"Vendor Advisory\"]},{\"url\":\"https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://www.openwall.com/lists/oss-security/2023/10/10/6\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack\",\"source\":\"cve@mitre.org\",\"tags\":[\"Press/Media Coverage\"]},{\"url\":\"https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Press/Media Coverage\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/10/13/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/10/13/9\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/10/18/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/10/18/8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/10/19/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/10/20/8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/08/13/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/security/cve/cve-2023-44487\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Press/Media Coverage\",\"Third Party Advisory\"]},{\"url\":\"https://aws.amazon.com/security/security-bulletins/AWS-2023-011/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Technical Description\",\"Vendor Advisory\"]},{\"url\":\"https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"Vendor Advisory\"]},{\"url\":\"https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Press/Media Coverage\",\"Third Party Advisory\"]},{\"url\":\"https://blog.vespa.ai/cve-2023-44487/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.proxmox.com/show_bug.cgi?id=4988\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2242803\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.suse.com/show_bug.cgi?id=1216123\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Technical Description\",\"Vendor Advisory\"]},{\"url\":\"https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Technical Description\",\"Vendor Advisory\"]},{\"url\":\"https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/Azure/AKS/issues/3947\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/Kong/kong/discussions/11741\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/advisories/GHSA-qppj-fm5r-hxr3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/advisories/GHSA-vx74-f528-fxqg\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/advisories/GHSA-xpw8-rcwv-8f8p\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/akka/akka-http/issues/4323\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/alibaba/tengine/issues/1872\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/apache/apisix/issues/10320\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/apache/httpd-site/pull/10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/apache/trafficserver/pull/10564\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/bcdannyboy/CVE-2023-44487\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/caddyserver/caddy/issues/5877\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/caddyserver/caddy/releases/tag/v2.7.5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/dotnet/announcements/issues/277\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\",\"Release Notes\"]},{\"url\":\"https://github.com/eclipse/jetty.project/issues/10679\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/envoyproxy/envoy/pull/30055\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/etcd-io/etcd/issues/16740\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/facebook/proxygen/pull/466\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/golang/go/issues/63417\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/grpc/grpc-go/pull/6703\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/h2o/h2o/pull/3291\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/haproxy/haproxy/issues/2312\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/junkurihara/rust-rpxy/issues/97\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/kazu-yamamoto/http2/issues/93\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/kubernetes/kubernetes/pull/121120\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/line/armeria/pull/5232\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/micrictor/http2-rst-stream\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/microsoft/CBL-Mariner/pull/6381\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/nghttp2/nghttp2/pull/1961\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/ninenines/cowboy/issues/1615\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/nodejs/node/pull/50121\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/openresty/openresty/issues/930\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/opensearch-project/data-prepper/issues/3474\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/oqtane/oqtane.framework/discussions/3367\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/projectcontour/contour/pull/5826\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/tempesta-tech/tempesta/issues/1986\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/varnishcache/varnish-cache/issues/3996\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://istio.io/latest/news/security/istio-security-2023-004/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://my.f5.com/manage/s/article/K000137106\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://netty.io/news/2023/10/10/4-1-100-Final.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://news.ycombinator.com/item?id=37830987\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://news.ycombinator.com/item?id=37830998\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Press/Media Coverage\"]},{\"url\":\"https://news.ycombinator.com/item?id=37831062\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://news.ycombinator.com/item?id=37837043\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202311-09\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20231016-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240426-0007/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240621-0006/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240621-0007/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.paloaltonetworks.com/CVE-2023-44487\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://ubuntu.com/security/CVE-2023-44487\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Press/Media Coverage\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5521\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5522\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5540\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5549\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5558\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5570\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"Vendor Advisory\"]},{\"url\":\"https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://www.openwall.com/lists/oss-security/2023/10/10/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Press/Media Coverage\"]},{\"url\":\"https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Press/Media Coverage\",\"Third Party Advisory\"]},{\"url\":\"https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-082556.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-341067.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-784301.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-832273.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-915275.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-44487\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://aws.amazon.com/security/security-bulletins/AWS-2023-011/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://news.ycombinator.com/item?id=37831062\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/envoyproxy/envoy/pull/30055\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/haproxy/haproxy/issues/2312\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/eclipse/jetty.project/issues/10679\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/nghttp2/nghttp2/pull/1961\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/alibaba/tengine/issues/1872\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://news.ycombinator.com/item?id=37830987\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://news.ycombinator.com/item?id=37830998\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/caddyserver/caddy/issues/5877\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/bcdannyboy/CVE-2023-44487\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/grpc/grpc-go/pull/6703\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://my.f5.com/manage/s/article/K000137106\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://bugzilla.proxmox.com/show_bug.cgi?id=4988\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/microsoft/CBL-Mariner/pull/6381\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/facebook/proxygen/pull/466\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/micrictor/http2-rst-stream\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/h2o/h2o/pull/3291\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/nodejs/node/pull/50121\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/dotnet/announcements/issues/277\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/golang/go/issues/63417\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/advisories/GHSA-vx74-f528-fxqg\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/apache/trafficserver/pull/10564\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.openwall.com/lists/oss-security/2023/10/10/6\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/opensearch-project/data-prepper/issues/3474\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/kubernetes/kubernetes/pull/121120\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/oqtane/oqtane.framework/discussions/3367\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/advisories/GHSA-xpw8-rcwv-8f8p\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://netty.io/news/2023/10/10/4-1-100-Final.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://news.ycombinator.com/item?id=37837043\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/kazu-yamamoto/http2/issues/93\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5522\", \"name\": \"DSA-5522\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5521\", \"name\": \"DSA-5521\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/security/cve/cve-2023-44487\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/ninenines/cowboy/issues/1615\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/varnishcache/varnish-cache/issues/3996\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/tempesta-tech/tempesta/issues/1986\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://blog.vespa.ai/cve-2023-44487/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/etcd-io/etcd/issues/16740\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://istio.io/latest/news/security/istio-security-2023-004/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/junkurihara/rust-rpxy/issues/97\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://bugzilla.suse.com/show_bug.cgi?id=1216123\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2242803\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://ubuntu.com/security/CVE-2023-44487\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/advisories/GHSA-qppj-fm5r-hxr3\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/apache/httpd-site/pull/10\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/projectcontour/contour/pull/5826\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/line/armeria/pull/5232\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.paloaltonetworks.com/CVE-2023-44487\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/akka/akka-http/issues/4323\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/openresty/openresty/issues/930\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/apache/apisix/issues/10320\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/Azure/AKS/issues/3947\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/Kong/kong/discussions/11741\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/caddyserver/caddy/releases/tag/v2.7.5\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html\", \"name\": \"[debian-lts-announce] 20231013 [SECURITY] [DLA 3617-1] tomcat9 security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/13/4\", \"name\": \"[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/13/9\", \"name\": \"[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/\", \"name\": \"FEDORA-2023-ed2642fd58\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html\", \"name\": \"[debian-lts-announce] 20231016 [SECURITY] [DLA 3621-1] nghttp2 security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20231016-0001/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html\", \"name\": \"[debian-lts-announce] 20231016 [SECURITY] [DLA 3617-2] tomcat9 regression update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/18/4\", \"name\": \"[oss-security] 20231018 Vulnerability in Jenkins\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/18/8\", \"name\": \"[oss-security] 20231018 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/19/6\", \"name\": \"[oss-security] 20231019 CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/\", \"name\": \"FEDORA-2023-54fadada12\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/\", \"name\": \"FEDORA-2023-5ff7bf1dd8\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/20/8\", \"name\": \"[oss-security] 20231020 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/\", \"name\": \"FEDORA-2023-17efd3f2cd\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/\", \"name\": \"FEDORA-2023-d5030c983c\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/\", \"name\": \"FEDORA-2023-0259c3f26f\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/\", \"name\": \"FEDORA-2023-2a9214af5f\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/\", \"name\": \"FEDORA-2023-e9c04d81c1\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/\", \"name\": \"FEDORA-2023-f66fc0f62a\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/\", \"name\": \"FEDORA-2023-4d2fd884ea\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/\", \"name\": \"FEDORA-2023-b2c50535cb\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/\", \"name\": \"FEDORA-2023-fe53e13b5b\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/\", \"name\": \"FEDORA-2023-4bf641255e\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html\", \"name\": \"[debian-lts-announce] 20231030 [SECURITY] [DLA 3641-1] jetty9 security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5540\", \"name\": \"DSA-5540\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html\", \"name\": \"[debian-lts-announce] 20231031 [SECURITY] [DLA 3638-1] h2o security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/\", \"name\": \"FEDORA-2023-1caffb88af\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/\", \"name\": \"FEDORA-2023-3f70b8d406\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/\", \"name\": \"FEDORA-2023-7b52921cae\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/\", \"name\": \"FEDORA-2023-7934802344\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/\", \"name\": \"FEDORA-2023-dbe64661af\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/\", \"name\": \"FEDORA-2023-822aab0a5a\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html\", \"name\": \"[debian-lts-announce] 20231105 [SECURITY] [DLA 3645-1] trafficserver security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5549\", \"name\": \"DSA-5549\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/\", \"name\": \"FEDORA-2023-c0c6a91330\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/\", \"name\": \"FEDORA-2023-492b7be466\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5558\", \"name\": \"DSA-5558\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html\", \"name\": \"[debian-lts-announce] 20231119 [SECURITY] [DLA 3656-1] netty security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/202311-09\", \"name\": \"GLSA-202311-09\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5570\", \"name\": \"DSA-5570\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240426-0007/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240621-0006/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240621-0007/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2025/08/13/6\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-04T21:08:27.383Z\"}}, {\"affected\": [{\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM APE1808\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.5\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.5\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.5\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.5\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SINEC NMS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1500 CPU 1518-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.5\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"x_adpType\": \"supplier\", \"references\": [{\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-832273.html\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-341067.html\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-784301.html\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-915275.html\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-082556.html\"}], \"providerMetadata\": {\"orgId\": \"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\", \"shortName\": \"siemens-SADP\", \"dateUpdated\": \"2026-05-12T10:52:23.784Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-44487\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-23T20:34:21.334116Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2023-10-10\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-44487\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:ietf:http:2.0:*:*:*:*:*:*:*\"], \"vendor\": \"ietf\", \"product\": \"http\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.0\"}], \"defaultStatus\": \"unknown\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2023-10-10T00:00:00.000Z\", \"value\": \"CVE-2023-44487 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-44487\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-400\", \"description\": \"CWE-400 Uncontrolled Resource Consumption\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-16T18:31:22.372Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73\"}, {\"url\": \"https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/\"}, {\"url\": \"https://aws.amazon.com/security/security-bulletins/AWS-2023-011/\"}, {\"url\": \"https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack\"}, {\"url\": \"https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\"}, {\"url\": \"https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/\"}, {\"url\": \"https://news.ycombinator.com/item?id=37831062\"}, {\"url\": \"https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/\"}, {\"url\": \"https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack\"}, {\"url\": \"https://github.com/envoyproxy/envoy/pull/30055\"}, {\"url\": \"https://github.com/haproxy/haproxy/issues/2312\"}, {\"url\": \"https://github.com/eclipse/jetty.project/issues/10679\"}, {\"url\": \"https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764\"}, {\"url\": \"https://github.com/nghttp2/nghttp2/pull/1961\"}, {\"url\": \"https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61\"}, {\"url\": \"https://github.com/alibaba/tengine/issues/1872\"}, {\"url\": \"https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2\"}, {\"url\": \"https://news.ycombinator.com/item?id=37830987\"}, {\"url\": \"https://news.ycombinator.com/item?id=37830998\"}, {\"url\": \"https://github.com/caddyserver/caddy/issues/5877\"}, {\"url\": \"https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/\"}, {\"url\": \"https://github.com/bcdannyboy/CVE-2023-44487\"}, {\"url\": \"https://github.com/grpc/grpc-go/pull/6703\"}, {\"url\": \"https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244\"}, {\"url\": \"https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0\"}, {\"url\": \"https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html\"}, {\"url\": \"https://my.f5.com/manage/s/article/K000137106\"}, {\"url\": \"https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/\"}, {\"url\": \"https://bugzilla.proxmox.com/show_bug.cgi?id=4988\"}, {\"url\": \"https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/10/7\", \"name\": \"[oss-security] 20231010 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/10/6\", \"name\": \"[oss-security] 20231010 CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected\"}, {\"url\": \"https://github.com/microsoft/CBL-Mariner/pull/6381\"}, {\"url\": \"https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo\"}, {\"url\": \"https://github.com/facebook/proxygen/pull/466\"}, {\"url\": \"https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088\"}, {\"url\": \"https://github.com/micrictor/http2-rst-stream\"}, {\"url\": \"https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve\"}, {\"url\": \"https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/\"}, {\"url\": \"https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf\"}, {\"url\": \"https://github.com/h2o/h2o/pull/3291\"}, {\"url\": \"https://github.com/nodejs/node/pull/50121\"}, {\"url\": \"https://github.com/dotnet/announcements/issues/277\"}, {\"url\": \"https://github.com/golang/go/issues/63417\"}, {\"url\": \"https://github.com/advisories/GHSA-vx74-f528-fxqg\"}, {\"url\": \"https://github.com/apache/trafficserver/pull/10564\"}, {\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487\"}, {\"url\": \"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14\"}, {\"url\": \"https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q\"}, {\"url\": \"https://www.openwall.com/lists/oss-security/2023/10/10/6\"}, {\"url\": \"https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\"}, {\"url\": \"https://github.com/opensearch-project/data-prepper/issues/3474\"}, {\"url\": \"https://github.com/kubernetes/kubernetes/pull/121120\"}, {\"url\": \"https://github.com/oqtane/oqtane.framework/discussions/3367\"}, {\"url\": \"https://github.com/advisories/GHSA-xpw8-rcwv-8f8p\"}, {\"url\": \"https://netty.io/news/2023/10/10/4-1-100-Final.html\"}, {\"url\": \"https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487\"}, {\"url\": \"https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/\"}, {\"url\": \"https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack\"}, {\"url\": \"https://news.ycombinator.com/item?id=37837043\"}, {\"url\": \"https://github.com/kazu-yamamoto/http2/issues/93\"}, {\"url\": \"https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html\"}, {\"url\": \"https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1\"}, {\"url\": \"https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113\"}, {\"url\": \"https://www.debian.org/security/2023/dsa-5522\", \"name\": \"DSA-5522\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5521\", \"name\": \"DSA-5521\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://access.redhat.com/security/cve/cve-2023-44487\"}, {\"url\": \"https://github.com/ninenines/cowboy/issues/1615\"}, {\"url\": \"https://github.com/varnishcache/varnish-cache/issues/3996\"}, {\"url\": \"https://github.com/tempesta-tech/tempesta/issues/1986\"}, {\"url\": \"https://blog.vespa.ai/cve-2023-44487/\"}, {\"url\": \"https://github.com/etcd-io/etcd/issues/16740\"}, {\"url\": \"https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event\"}, {\"url\": \"https://istio.io/latest/news/security/istio-security-2023-004/\"}, {\"url\": \"https://github.com/junkurihara/rust-rpxy/issues/97\"}, {\"url\": \"https://bugzilla.suse.com/show_bug.cgi?id=1216123\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2242803\"}, {\"url\": \"https://ubuntu.com/security/CVE-2023-44487\"}, {\"url\": \"https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125\"}, {\"url\": \"https://github.com/advisories/GHSA-qppj-fm5r-hxr3\"}, {\"url\": \"https://github.com/apache/httpd-site/pull/10\"}, {\"url\": \"https://github.com/projectcontour/contour/pull/5826\"}, {\"url\": \"https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632\"}, {\"url\": \"https://github.com/line/armeria/pull/5232\"}, {\"url\": \"https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/\"}, {\"url\": \"https://security.paloaltonetworks.com/CVE-2023-44487\"}, {\"url\": \"https://github.com/akka/akka-http/issues/4323\"}, {\"url\": \"https://github.com/openresty/openresty/issues/930\"}, {\"url\": \"https://github.com/apache/apisix/issues/10320\"}, {\"url\": \"https://github.com/Azure/AKS/issues/3947\"}, {\"url\": \"https://github.com/Kong/kong/discussions/11741\"}, {\"url\": \"https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487\"}, {\"url\": \"https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/\"}, {\"url\": \"https://github.com/caddyserver/caddy/releases/tag/v2.7.5\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html\", \"name\": \"[debian-lts-announce] 20231013 [SECURITY] [DLA 3617-1] tomcat9 security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/13/4\", \"name\": \"[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/13/9\", \"name\": \"[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/\"}, {\"url\": \"https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/\", \"name\": \"FEDORA-2023-ed2642fd58\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html\", \"name\": \"[debian-lts-announce] 20231016 [SECURITY] [DLA 3621-1] nghttp2 security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20231016-0001/\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html\", \"name\": \"[debian-lts-announce] 20231016 [SECURITY] [DLA 3617-2] tomcat9 regression update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/18/4\", \"name\": \"[oss-security] 20231018 Vulnerability in Jenkins\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/18/8\", \"name\": \"[oss-security] 20231018 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/19/6\", \"name\": \"[oss-security] 20231019 CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/\", \"name\": \"FEDORA-2023-54fadada12\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/\", \"name\": \"FEDORA-2023-5ff7bf1dd8\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/20/8\", \"name\": \"[oss-security] 20231020 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/\", \"name\": \"FEDORA-2023-17efd3f2cd\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/\", \"name\": \"FEDORA-2023-d5030c983c\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/\", \"name\": \"FEDORA-2023-0259c3f26f\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/\", \"name\": \"FEDORA-2023-2a9214af5f\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/\", \"name\": \"FEDORA-2023-e9c04d81c1\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/\", \"name\": \"FEDORA-2023-f66fc0f62a\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/\", \"name\": \"FEDORA-2023-4d2fd884ea\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/\", \"name\": \"FEDORA-2023-b2c50535cb\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/\", \"name\": \"FEDORA-2023-fe53e13b5b\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/\", \"name\": \"FEDORA-2023-4bf641255e\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html\", \"name\": \"[debian-lts-announce] 20231030 [SECURITY] [DLA 3641-1] jetty9 security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5540\", \"name\": \"DSA-5540\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html\", \"name\": \"[debian-lts-announce] 20231031 [SECURITY] [DLA 3638-1] h2o security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/\", \"name\": \"FEDORA-2023-1caffb88af\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/\", \"name\": \"FEDORA-2023-3f70b8d406\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/\", \"name\": \"FEDORA-2023-7b52921cae\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/\", \"name\": \"FEDORA-2023-7934802344\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/\", \"name\": \"FEDORA-2023-dbe64661af\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/\", \"name\": \"FEDORA-2023-822aab0a5a\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html\", \"name\": \"[debian-lts-announce] 20231105 [SECURITY] [DLA 3645-1] trafficserver security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5549\", \"name\": \"DSA-5549\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/\", \"name\": \"FEDORA-2023-c0c6a91330\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/\", \"name\": \"FEDORA-2023-492b7be466\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5558\", \"name\": \"DSA-5558\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html\", \"name\": \"[debian-lts-announce] 20231119 [SECURITY] [DLA 3656-1] netty security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://security.gentoo.org/glsa/202311-09\", \"name\": \"GLSA-202311-09\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5570\", \"name\": \"DSA-5570\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240426-0007/\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240621-0006/\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240621-0007/\"}, {\"url\": \"https://github.com/grpc/grpc/releases/tag/v1.59.2\"}, {\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http2-reset-d8Kf32vZ\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2025-06-07T20:05:34.376Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-44487\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-12T10:52:23.784Z\", \"dateReserved\": \"2023-09-29T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2023-10-10T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
WID-SEC-W-2023-2627
Vulnerability from csaf_certbund - Published: 2023-10-10 22:00 - Updated: 2026-03-23 23:00| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Security Guardium 11.3
IBM / Security Guardium
|
cpe:/a:ibm:security_guardium:11.3
|
11.3 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM Integration Bus
IBM
|
cpe:/a:ibm:integration_bus:-
|
— | |
|
IBM Maximo Asset Management 7.6.1
IBM / Maximo Asset Management
|
cpe:/a:ibm:maximo_asset_management:7.6.1
|
7.6.1 | |
|
IBM Rational Change <5.3.2.7
IBM / Rational Change
|
<5.3.2.7 | ||
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Atlassian Confluence 8.5
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.5
|
8.5 | |
|
Atlassian Confluence <8.5.7
Atlassian / Confluence
|
<8.5.7 | ||
|
Eclipse Jetty <12.0.2
Eclipse / Jetty
|
<12.0.2 | ||
|
Atlassian Confluence <7.19.20
Atlassian / Confluence
|
<7.19.20 | ||
|
Eclipse Jetty <11.0.17
Eclipse / Jetty
|
<11.0.17 | ||
|
Dell NetWorker vProxy<19.9.0.4
Dell / NetWorker
|
vProxy<19.9.0.4 | ||
|
Dell NetWorker vProxy<19.10
Dell / NetWorker
|
vProxy<19.10 | ||
|
Eclipse Jetty <11.0.16
Eclipse / Jetty
|
<11.0.16 | ||
|
Atlassian Confluence <8.8.1
Atlassian / Confluence
|
<8.8.1 | ||
|
Eclipse Jetty <10.0.16
Eclipse / Jetty
|
<10.0.16 | ||
|
IBM SPSS Collaboration and Deployment Services 8.5
IBM / SPSS
|
cpe:/a:ibm:spss:collaboration_and_deployment_services_8.5
|
Collaboration and Deployment Services 8.5 | |
|
IBM Security Guardium 10.6
IBM / Security Guardium
|
cpe:/a:ibm:security_guardium:10.6
|
10.6 | |
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 | ||
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
IBM Installation Manager 1.4-1.10.1.0
IBM / Installation Manager
|
cpe:/a:ibm:installation_manager:1.4_-_1.10.1.0
|
1.4-1.10.1.0 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM InfoSphere Information Server 11.7
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7
|
11.7 | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Eclipse Jetty <9.4.53
Eclipse / Jetty
|
<9.4.53 | ||
|
Eclipse Jetty <10.0.17
Eclipse / Jetty
|
<10.0.17 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Security Guardium 11.3
IBM / Security Guardium
|
cpe:/a:ibm:security_guardium:11.3
|
11.3 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM Integration Bus
IBM
|
cpe:/a:ibm:integration_bus:-
|
— | |
|
IBM Maximo Asset Management 7.6.1
IBM / Maximo Asset Management
|
cpe:/a:ibm:maximo_asset_management:7.6.1
|
7.6.1 | |
|
IBM Rational Change <5.3.2.7
IBM / Rational Change
|
<5.3.2.7 | ||
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Atlassian Confluence 8.5
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.5
|
8.5 | |
|
Atlassian Confluence <8.5.7
Atlassian / Confluence
|
<8.5.7 | ||
|
Eclipse Jetty <12.0.2
Eclipse / Jetty
|
<12.0.2 | ||
|
Atlassian Confluence <7.19.20
Atlassian / Confluence
|
<7.19.20 | ||
|
Eclipse Jetty <11.0.17
Eclipse / Jetty
|
<11.0.17 | ||
|
Dell NetWorker vProxy<19.9.0.4
Dell / NetWorker
|
vProxy<19.9.0.4 | ||
|
Dell NetWorker vProxy<19.10
Dell / NetWorker
|
vProxy<19.10 | ||
|
Eclipse Jetty <11.0.16
Eclipse / Jetty
|
<11.0.16 | ||
|
Atlassian Confluence <8.8.1
Atlassian / Confluence
|
<8.8.1 | ||
|
Eclipse Jetty <10.0.16
Eclipse / Jetty
|
<10.0.16 | ||
|
IBM SPSS Collaboration and Deployment Services 8.5
IBM / SPSS
|
cpe:/a:ibm:spss:collaboration_and_deployment_services_8.5
|
Collaboration and Deployment Services 8.5 | |
|
IBM Security Guardium 10.6
IBM / Security Guardium
|
cpe:/a:ibm:security_guardium:10.6
|
10.6 | |
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 | ||
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
IBM Installation Manager 1.4-1.10.1.0
IBM / Installation Manager
|
cpe:/a:ibm:installation_manager:1.4_-_1.10.1.0
|
1.4-1.10.1.0 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM InfoSphere Information Server 11.7
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7
|
11.7 | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Eclipse Jetty <9.4.53
Eclipse / Jetty
|
<9.4.53 | ||
|
Eclipse Jetty <10.0.17
Eclipse / Jetty
|
<10.0.17 |
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Eclipse Jetty ist ein Java-HTTP-Server und Java-Servlet-Container.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Eclipse Jetty ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2627 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2627.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2627 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2627"
},
{
"category": "external",
"summary": "Eclipse Jetty Releases vom 2023-10-10",
"url": "https://www.eclipse.org/lists/jetty-announce/msg00181.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:4210-1 vom 2023-10-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-October/016857.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3641 vom 2023-10-30",
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5540 vom 2023-10-30",
"url": "https://lists.debian.org/debian-security-announce/2023/msg00236.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7076824 vom 2023-11-15",
"url": "https://www.ibm.com/support/pages/node/7076824"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7247 vom 2023-11-16",
"url": "https://access.redhat.com/errata/RHSA-2023:7247"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3656 vom 2023-11-19",
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7070763 vom 2023-11-29",
"url": "https://www.ibm.com/support/pages/node/7070763"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7099297 vom 2023-12-18",
"url": "https://www.ibm.com/support/pages/node/7099297"
},
{
"category": "external",
"summary": "Atlassian Security Advisory CONFSERVER-93826 vom 2024-01-03",
"url": "https://jira.atlassian.com/browse/CONFSERVER-93826"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7108700 vom 2024-01-17",
"url": "https://www.ibm.com/support/pages/node/7108700"
},
{
"category": "external",
"summary": "DELL Security Update",
"url": "https://www.dell.com/support/kbdoc/de-de/000221476/dsa-2024-058-security-update-for-dell-networker-vproxy-multiple-components-vulnerabilities"
},
{
"category": "external",
"summary": "Atlassian Security Advisory",
"url": "https://jira.atlassian.com/browse/CONFSERVER-94843"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7152890 vom 2024-05-16",
"url": "https://www.ibm.com/support/pages/node/7152890"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3354 vom 2024-05-24",
"url": "https://access.redhat.com/errata/RHSA-2024:3354"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7172226 vom 2024-10-04",
"url": "https://www.ibm.com/support/pages/node/7172226"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2024:14442-1 vom 2024-10-31",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/TNFN6MBU4SQLAGX7GNFLRGTPGY3IBHZG/"
},
{
"category": "external",
"summary": "Hitachi Vulnerability Information HITACHI-SEC-2024-150 vom 2024-12-17",
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-150/index.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7229444 vom 2025-03-28",
"url": "https://www.ibm.com/support/pages/node/7229444"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7231640 vom 2025-04-23",
"url": "https://www.ibm.com/support/pages/node/7231640"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2026-152 vom 2026-03-23",
"url": "https://www.dell.com/support/kbdoc/de-de/000443243/dsa-2026-152-dell-secure-connect-gateway-security-update-for-multiple-third-party-component-vulnerabilities"
}
],
"source_lang": "en-US",
"title": "Eclipse Jetty: Mehrere Schwachstellen erm\u00f6glichen Denial of Service",
"tracking": {
"current_release_date": "2026-03-23T23:00:00.000+00:00",
"generator": {
"date": "2026-03-24T10:23:24.501+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2023-2627",
"initial_release_date": "2023-10-10T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-10-10T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-10-26T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-10-30T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2023-11-15T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von IBM und Red Hat aufgenommen"
},
{
"date": "2023-11-19T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2023-11-28T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-12-18T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-01-02T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Atlassian aufgenommen"
},
{
"date": "2024-01-17T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-01-28T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2024-03-19T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Atlassian aufgenommen"
},
{
"date": "2024-05-16T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-05-23T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-06T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-10-31T23:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2024-12-17T23:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von HITACHI aufgenommen"
},
{
"date": "2025-03-30T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-04-23T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2026-03-23T23:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Dell aufgenommen"
}
],
"status": "final",
"version": "19"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "8.5",
"product": {
"name": "Atlassian Confluence 8.5",
"product_id": "T031847",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:8.5"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.5.7",
"product": {
"name": "Atlassian Confluence \u003c8.5.7",
"product_id": "T033545"
}
},
{
"category": "product_version",
"name": "8.5.7",
"product": {
"name": "Atlassian Confluence 8.5.7",
"product_id": "T033545-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:8.5.7"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.19.20",
"product": {
"name": "Atlassian Confluence \u003c7.19.20",
"product_id": "T033546"
}
},
{
"category": "product_version",
"name": "7.19.20",
"product": {
"name": "Atlassian Confluence 7.19.20",
"product_id": "T033546-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:7.19.20"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.8.1",
"product": {
"name": "Atlassian Confluence \u003c8.8.1",
"product_id": "T033547"
}
},
{
"category": "product_version",
"name": "8.8.1",
"product": {
"name": "Atlassian Confluence 8.8.1",
"product_id": "T033547-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:8.8.1"
}
}
}
],
"category": "product_name",
"name": "Confluence"
}
],
"category": "vendor",
"name": "Atlassian"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vProxy\u003c19.9.0.4",
"product": {
"name": "Dell NetWorker vProxy\u003c19.9.0.4",
"product_id": "T032377"
}
},
{
"category": "product_version",
"name": "vProxy19.9.0.4",
"product": {
"name": "Dell NetWorker vProxy19.9.0.4",
"product_id": "T032377-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:vproxy_19.9.0.4"
}
}
},
{
"category": "product_version_range",
"name": "vProxy\u003c19.10",
"product": {
"name": "Dell NetWorker vProxy\u003c19.10",
"product_id": "T032378"
}
},
{
"category": "product_version",
"name": "vProxy19.10",
"product": {
"name": "Dell NetWorker vProxy19.10",
"product_id": "T032378-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:vproxy_19.10"
}
}
}
],
"category": "product_name",
"name": "NetWorker"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c5.34.00.16",
"product": {
"name": "Dell Secure Connect Gateway \u003c5.34.00.16",
"product_id": "T052048"
}
},
{
"category": "product_version",
"name": "5.34.00.16",
"product": {
"name": "Dell Secure Connect Gateway 5.34.00.16",
"product_id": "T052048-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:secure_connect_gateway:5.34.00.16"
}
}
}
],
"category": "product_name",
"name": "Secure Connect Gateway"
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.0.16",
"product": {
"name": "Eclipse Jetty \u003c10.0.16",
"product_id": "1477380"
}
},
{
"category": "product_version",
"name": "10.0.16",
"product": {
"name": "Eclipse Jetty 10.0.16",
"product_id": "1477380-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:eclipse:jetty:10.0.16"
}
}
},
{
"category": "product_version_range",
"name": "\u003c11.0.16",
"product": {
"name": "Eclipse Jetty \u003c11.0.16",
"product_id": "1477382"
}
},
{
"category": "product_version",
"name": "11.0.16",
"product": {
"name": "Eclipse Jetty 11.0.16",
"product_id": "1477382-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:eclipse:jetty:11.0.16"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.4.53",
"product": {
"name": "Eclipse Jetty \u003c9.4.53",
"product_id": "T030428"
}
},
{
"category": "product_version",
"name": "9.4.53",
"product": {
"name": "Eclipse Jetty 9.4.53",
"product_id": "T030428-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:eclipse:jetty:9.4.53"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.0.17",
"product": {
"name": "Eclipse Jetty \u003c10.0.17",
"product_id": "T030429"
}
},
{
"category": "product_version",
"name": "10.0.17",
"product": {
"name": "Eclipse Jetty 10.0.17",
"product_id": "T030429-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:eclipse:jetty:10.0.17"
}
}
},
{
"category": "product_version_range",
"name": "\u003c11.0.17",
"product": {
"name": "Eclipse Jetty \u003c11.0.17",
"product_id": "T030430"
}
},
{
"category": "product_version",
"name": "11.0.17",
"product": {
"name": "Eclipse Jetty 11.0.17",
"product_id": "T030430-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:eclipse:jetty:11.0.17"
}
}
},
{
"category": "product_version_range",
"name": "\u003c12.0.2",
"product": {
"name": "Eclipse Jetty \u003c12.0.2",
"product_id": "T030431"
}
},
{
"category": "product_version",
"name": "12.0.2",
"product": {
"name": "Eclipse Jetty 12.0.2",
"product_id": "T030431-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:eclipse:jetty:12.0.2"
}
}
}
],
"category": "product_name",
"name": "Jetty"
}
],
"category": "vendor",
"name": "Eclipse"
},
{
"branches": [
{
"category": "product_name",
"name": "Hitachi Ops Center",
"product": {
"name": "Hitachi Ops Center",
"product_id": "T038840",
"product_identification_helper": {
"cpe": "cpe:/a:hitachi:ops_center:-"
}
}
}
],
"category": "vendor",
"name": "Hitachi"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "11.7",
"product": {
"name": "IBM InfoSphere Information Server 11.7",
"product_id": "444803",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:infosphere_information_server:11.7"
}
}
}
],
"category": "product_name",
"name": "InfoSphere Information Server"
},
{
"branches": [
{
"category": "product_version",
"name": "1.4-1.10.1.0",
"product": {
"name": "IBM Installation Manager 1.4-1.10.1.0",
"product_id": "T043115",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:installation_manager:1.4_-_1.10.1.0"
}
}
}
],
"category": "product_name",
"name": "Installation Manager"
},
{
"category": "product_name",
"name": "IBM Integration Bus",
"product": {
"name": "IBM Integration Bus",
"product_id": "T011169",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:integration_bus:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "7.6.1",
"product": {
"name": "IBM Maximo Asset Management 7.6.1",
"product_id": "389168",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:maximo_asset_management:7.6.1"
}
}
}
],
"category": "product_name",
"name": "Maximo Asset Management"
},
{
"branches": [
{
"category": "product_version",
"name": "7.5",
"product": {
"name": "IBM QRadar SIEM 7.5",
"product_id": "T022954",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5"
}
}
}
],
"category": "product_name",
"name": "QRadar SIEM"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c5.3.2.7",
"product": {
"name": "IBM Rational Change \u003c5.3.2.7",
"product_id": "T038008"
}
},
{
"category": "product_version",
"name": "5.3.2.7",
"product": {
"name": "IBM Rational Change 5.3.2.7",
"product_id": "T038008-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:rational_change:5.3.2.7"
}
}
}
],
"category": "product_name",
"name": "Rational Change"
},
{
"branches": [
{
"category": "product_version",
"name": "Collaboration and Deployment Services 8.5",
"product": {
"name": "IBM SPSS Collaboration and Deployment Services 8.5",
"product_id": "T038750",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:spss:collaboration_and_deployment_services_8.5"
}
}
}
],
"category": "product_name",
"name": "SPSS"
},
{
"branches": [
{
"category": "product_version",
"name": "11.3",
"product": {
"name": "IBM Security Guardium 11.3",
"product_id": "1048943",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:security_guardium:11.3"
}
}
},
{
"category": "product_version",
"name": "10.6",
"product": {
"name": "IBM Security Guardium 10.6",
"product_id": "410913",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:security_guardium:10.6"
}
}
}
],
"category": "product_name",
"name": "Security Guardium"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-36478",
"product_status": {
"known_affected": [
"1048943",
"67646",
"T011169",
"389168",
"T038008",
"T038840",
"T031847",
"T033545",
"T030431",
"T033546",
"T030430",
"T032377",
"T032378",
"1477382",
"T033547",
"1477380",
"T038750",
"410913",
"T052048",
"T022954",
"T043115",
"2951",
"T002207",
"444803",
"T027843",
"T030428",
"T030429"
]
},
"release_date": "2023-10-10T22:00:00.000+00:00",
"title": "CVE-2023-36478"
},
{
"cve": "CVE-2023-44487",
"product_status": {
"known_affected": [
"1048943",
"67646",
"T011169",
"389168",
"T038008",
"T038840",
"T031847",
"T033545",
"T030431",
"T033546",
"T030430",
"T032377",
"T032378",
"1477382",
"T033547",
"1477380",
"T038750",
"410913",
"T052048",
"T022954",
"T043115",
"2951",
"T002207",
"444803",
"T027843",
"T030428",
"T030429"
]
},
"release_date": "2023-10-10T22:00:00.000+00:00",
"title": "CVE-2023-44487"
}
]
}
WID-SEC-W-2023-2628
Vulnerability from csaf_certbund - Published: 2023-10-10 22:00 - Updated: 2026-06-17 22:00| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
F5 BIG-IP 15.1.0-15.1.10
F5 / BIG-IP
|
cpe:/a:f5:big-ip:15.1.0_-_15.1.10
|
15.1.0-15.1.10 | |
|
Red Hat JBoss Core Services
Red Hat / JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:-
|
— | |
|
Apache Tomcat <8.5.94
Apache / Tomcat
|
<8.5.94 | ||
|
IBM Rational Build Forge 8.0.0.24
IBM / Rational Build Forge
|
cpe:/a:ibm:rational_build_forge:8.0.0.24
|
8.0.0.24 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
IBM Storwize V5000
IBM / Storwize
|
cpe:/a:ibm:storwize:v5000
|
V5000 | |
|
Dell NetWorker
Dell / NetWorker
|
cpe:/a:dell:networker:-
|
— | |
|
IBM Operational Decision Manager
IBM
|
cpe:/a:ibm:operational_decision_manager:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat JBoss Web Server <5.7.7
Red Hat / JBoss Web Server
|
<5.7.7 | ||
|
IBM FlashSystem
IBM
|
cpe:/a:ibm:flashsystem:-
|
— | |
|
F5 BIG-IP 17.1.0-17.1.2
F5 / BIG-IP
|
cpe:/a:f5:big-ip:17.1.0_-_17.1.2
|
17.1.0-17.1.2 | |
|
IBM Power Hardware Management Console V10
IBM / Power Hardware Management Console
|
cpe:/a:ibm:hardware_management_console:v10
|
V10 | |
|
Broadcom Brocade SANnav <2.3.1
Broadcom / Brocade SANnav
|
<2.3.1 | ||
|
Dell NetWorker vProxy<19.9.0.4
Dell / NetWorker
|
vProxy<19.9.0.4 | ||
|
IBM SAN Volume Controller
IBM
|
cpe:/a:ibm:san_volume_controller:-
|
— | |
|
Dell NetWorker vProxy<19.10
Dell / NetWorker
|
vProxy<19.10 | ||
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Open Source Vaadin <24.2.0
Open Source / Vaadin
|
<24.2.0 | ||
|
Open Source Camunda <7.21.0-alpha1
Open Source / Camunda
|
<7.21.0-alpha1 | ||
|
Open Source Camunda <7.19.8
Open Source / Camunda
|
<7.19.8 | ||
|
F5 BIG-IP 16.1.0-16.1.5
F5 / BIG-IP
|
cpe:/a:f5:big-ip:16.1.0_-_16.1.5
|
16.1.0-16.1.5 | |
|
Open Source Camunda <7.20.1
Open Source / Camunda
|
<7.20.1 | ||
|
IBM Integration Bus 10.1-10.1.0.2
IBM / Integration Bus
|
cpe:/a:ibm:integration_bus:10.1_-_10.1.0.2
|
10.1-10.1.0.2 | |
|
Broadcom Brocade SANnav <2.3.0a
Broadcom / Brocade SANnav
|
<2.3.0a | ||
|
Open Source Camunda RPA Bridge <1.1.10
Open Source / Camunda
|
RPA Bridge <1.1.10 | ||
|
Open Source Camunda <7.18.12
Open Source / Camunda
|
<7.18.12 | ||
|
Xerox FreeFlow Print Server v2 / Windows 10
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2__windows_10
|
v2 / Windows 10 | |
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 | ||
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
IBM Storwize
IBM / Storwize
|
cpe:/a:ibm:storwize:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Apache Tomcat <9.0.81
Apache / Tomcat
|
<9.0.81 | ||
|
Red Hat JBoss Core Services 1
Red Hat / JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1.0
|
1 | |
|
IBM Security Guardium 11.5
IBM / Security Guardium
|
cpe:/a:ibm:security_guardium:11.5
|
11.5 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
F5 BIG-IP 15.1.0-15.1.10
F5 / BIG-IP
|
cpe:/a:f5:big-ip:15.1.0_-_15.1.10
|
15.1.0-15.1.10 | |
|
Red Hat JBoss Core Services
Red Hat / JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:-
|
— | |
|
Apache Tomcat <8.5.94
Apache / Tomcat
|
<8.5.94 | ||
|
IBM Rational Build Forge 8.0.0.24
IBM / Rational Build Forge
|
cpe:/a:ibm:rational_build_forge:8.0.0.24
|
8.0.0.24 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
IBM Storwize V5000
IBM / Storwize
|
cpe:/a:ibm:storwize:v5000
|
V5000 | |
|
Dell NetWorker
Dell / NetWorker
|
cpe:/a:dell:networker:-
|
— | |
|
IBM Operational Decision Manager
IBM
|
cpe:/a:ibm:operational_decision_manager:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat JBoss Web Server <5.7.7
Red Hat / JBoss Web Server
|
<5.7.7 | ||
|
IBM FlashSystem
IBM
|
cpe:/a:ibm:flashsystem:-
|
— | |
|
F5 BIG-IP 17.1.0-17.1.2
F5 / BIG-IP
|
cpe:/a:f5:big-ip:17.1.0_-_17.1.2
|
17.1.0-17.1.2 | |
|
IBM Power Hardware Management Console V10
IBM / Power Hardware Management Console
|
cpe:/a:ibm:hardware_management_console:v10
|
V10 | |
|
Broadcom Brocade SANnav <2.3.1
Broadcom / Brocade SANnav
|
<2.3.1 | ||
|
Dell NetWorker vProxy<19.9.0.4
Dell / NetWorker
|
vProxy<19.9.0.4 | ||
|
IBM SAN Volume Controller
IBM
|
cpe:/a:ibm:san_volume_controller:-
|
— | |
|
Dell NetWorker vProxy<19.10
Dell / NetWorker
|
vProxy<19.10 | ||
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Open Source Vaadin <24.2.0
Open Source / Vaadin
|
<24.2.0 | ||
|
Open Source Camunda <7.21.0-alpha1
Open Source / Camunda
|
<7.21.0-alpha1 | ||
|
Open Source Camunda <7.19.8
Open Source / Camunda
|
<7.19.8 | ||
|
F5 BIG-IP 16.1.0-16.1.5
F5 / BIG-IP
|
cpe:/a:f5:big-ip:16.1.0_-_16.1.5
|
16.1.0-16.1.5 | |
|
Open Source Camunda <7.20.1
Open Source / Camunda
|
<7.20.1 | ||
|
IBM Integration Bus 10.1-10.1.0.2
IBM / Integration Bus
|
cpe:/a:ibm:integration_bus:10.1_-_10.1.0.2
|
10.1-10.1.0.2 | |
|
Broadcom Brocade SANnav <2.3.0a
Broadcom / Brocade SANnav
|
<2.3.0a | ||
|
Open Source Camunda RPA Bridge <1.1.10
Open Source / Camunda
|
RPA Bridge <1.1.10 | ||
|
Open Source Camunda <7.18.12
Open Source / Camunda
|
<7.18.12 | ||
|
Xerox FreeFlow Print Server v2 / Windows 10
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2__windows_10
|
v2 / Windows 10 | |
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 | ||
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
IBM Storwize
IBM / Storwize
|
cpe:/a:ibm:storwize:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Apache Tomcat <9.0.81
Apache / Tomcat
|
<9.0.81 | ||
|
Red Hat JBoss Core Services 1
Red Hat / JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1.0
|
1 | |
|
IBM Security Guardium 11.5
IBM / Security Guardium
|
cpe:/a:ibm:security_guardium:11.5
|
11.5 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
F5 BIG-IP 15.1.0-15.1.10
F5 / BIG-IP
|
cpe:/a:f5:big-ip:15.1.0_-_15.1.10
|
15.1.0-15.1.10 | |
|
Red Hat JBoss Core Services
Red Hat / JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:-
|
— | |
|
Apache Tomcat <8.5.94
Apache / Tomcat
|
<8.5.94 | ||
|
IBM Rational Build Forge 8.0.0.24
IBM / Rational Build Forge
|
cpe:/a:ibm:rational_build_forge:8.0.0.24
|
8.0.0.24 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
IBM Storwize V5000
IBM / Storwize
|
cpe:/a:ibm:storwize:v5000
|
V5000 | |
|
Dell NetWorker
Dell / NetWorker
|
cpe:/a:dell:networker:-
|
— | |
|
IBM Operational Decision Manager
IBM
|
cpe:/a:ibm:operational_decision_manager:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat JBoss Web Server <5.7.7
Red Hat / JBoss Web Server
|
<5.7.7 | ||
|
IBM FlashSystem
IBM
|
cpe:/a:ibm:flashsystem:-
|
— | |
|
F5 BIG-IP 17.1.0-17.1.2
F5 / BIG-IP
|
cpe:/a:f5:big-ip:17.1.0_-_17.1.2
|
17.1.0-17.1.2 | |
|
IBM Power Hardware Management Console V10
IBM / Power Hardware Management Console
|
cpe:/a:ibm:hardware_management_console:v10
|
V10 | |
|
Broadcom Brocade SANnav <2.3.1
Broadcom / Brocade SANnav
|
<2.3.1 | ||
|
Dell NetWorker vProxy<19.9.0.4
Dell / NetWorker
|
vProxy<19.9.0.4 | ||
|
IBM SAN Volume Controller
IBM
|
cpe:/a:ibm:san_volume_controller:-
|
— | |
|
Dell NetWorker vProxy<19.10
Dell / NetWorker
|
vProxy<19.10 | ||
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Open Source Vaadin <24.2.0
Open Source / Vaadin
|
<24.2.0 | ||
|
Open Source Camunda <7.21.0-alpha1
Open Source / Camunda
|
<7.21.0-alpha1 | ||
|
Open Source Camunda <7.19.8
Open Source / Camunda
|
<7.19.8 | ||
|
F5 BIG-IP 16.1.0-16.1.5
F5 / BIG-IP
|
cpe:/a:f5:big-ip:16.1.0_-_16.1.5
|
16.1.0-16.1.5 | |
|
Open Source Camunda <7.20.1
Open Source / Camunda
|
<7.20.1 | ||
|
IBM Integration Bus 10.1-10.1.0.2
IBM / Integration Bus
|
cpe:/a:ibm:integration_bus:10.1_-_10.1.0.2
|
10.1-10.1.0.2 | |
|
Broadcom Brocade SANnav <2.3.0a
Broadcom / Brocade SANnav
|
<2.3.0a | ||
|
Open Source Camunda RPA Bridge <1.1.10
Open Source / Camunda
|
RPA Bridge <1.1.10 | ||
|
Open Source Camunda <7.18.12
Open Source / Camunda
|
<7.18.12 | ||
|
Xerox FreeFlow Print Server v2 / Windows 10
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2__windows_10
|
v2 / Windows 10 | |
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 | ||
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
IBM Storwize
IBM / Storwize
|
cpe:/a:ibm:storwize:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Apache Tomcat <9.0.81
Apache / Tomcat
|
<9.0.81 | ||
|
Red Hat JBoss Core Services 1
Red Hat / JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1.0
|
1 | |
|
IBM Security Guardium 11.5
IBM / Security Guardium
|
cpe:/a:ibm:security_guardium:11.5
|
11.5 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
F5 BIG-IP 15.1.0-15.1.10
F5 / BIG-IP
|
cpe:/a:f5:big-ip:15.1.0_-_15.1.10
|
15.1.0-15.1.10 | |
|
Red Hat JBoss Core Services
Red Hat / JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:-
|
— | |
|
Apache Tomcat <8.5.94
Apache / Tomcat
|
<8.5.94 | ||
|
IBM Rational Build Forge 8.0.0.24
IBM / Rational Build Forge
|
cpe:/a:ibm:rational_build_forge:8.0.0.24
|
8.0.0.24 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
IBM Storwize V5000
IBM / Storwize
|
cpe:/a:ibm:storwize:v5000
|
V5000 | |
|
Dell NetWorker
Dell / NetWorker
|
cpe:/a:dell:networker:-
|
— | |
|
IBM Operational Decision Manager
IBM
|
cpe:/a:ibm:operational_decision_manager:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat JBoss Web Server <5.7.7
Red Hat / JBoss Web Server
|
<5.7.7 | ||
|
IBM FlashSystem
IBM
|
cpe:/a:ibm:flashsystem:-
|
— | |
|
F5 BIG-IP 17.1.0-17.1.2
F5 / BIG-IP
|
cpe:/a:f5:big-ip:17.1.0_-_17.1.2
|
17.1.0-17.1.2 | |
|
IBM Power Hardware Management Console V10
IBM / Power Hardware Management Console
|
cpe:/a:ibm:hardware_management_console:v10
|
V10 | |
|
Broadcom Brocade SANnav <2.3.1
Broadcom / Brocade SANnav
|
<2.3.1 | ||
|
Dell NetWorker vProxy<19.9.0.4
Dell / NetWorker
|
vProxy<19.9.0.4 | ||
|
IBM SAN Volume Controller
IBM
|
cpe:/a:ibm:san_volume_controller:-
|
— | |
|
Dell NetWorker vProxy<19.10
Dell / NetWorker
|
vProxy<19.10 | ||
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Open Source Vaadin <24.2.0
Open Source / Vaadin
|
<24.2.0 | ||
|
Open Source Camunda <7.21.0-alpha1
Open Source / Camunda
|
<7.21.0-alpha1 | ||
|
Open Source Camunda <7.19.8
Open Source / Camunda
|
<7.19.8 | ||
|
F5 BIG-IP 16.1.0-16.1.5
F5 / BIG-IP
|
cpe:/a:f5:big-ip:16.1.0_-_16.1.5
|
16.1.0-16.1.5 | |
|
Open Source Camunda <7.20.1
Open Source / Camunda
|
<7.20.1 | ||
|
IBM Integration Bus 10.1-10.1.0.2
IBM / Integration Bus
|
cpe:/a:ibm:integration_bus:10.1_-_10.1.0.2
|
10.1-10.1.0.2 | |
|
Broadcom Brocade SANnav <2.3.0a
Broadcom / Brocade SANnav
|
<2.3.0a | ||
|
Open Source Camunda RPA Bridge <1.1.10
Open Source / Camunda
|
RPA Bridge <1.1.10 | ||
|
Open Source Camunda <7.18.12
Open Source / Camunda
|
<7.18.12 | ||
|
Xerox FreeFlow Print Server v2 / Windows 10
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2__windows_10
|
v2 / Windows 10 | |
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 | ||
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
IBM Storwize
IBM / Storwize
|
cpe:/a:ibm:storwize:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Apache Tomcat <9.0.81
Apache / Tomcat
|
<9.0.81 | ||
|
Red Hat JBoss Core Services 1
Red Hat / JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1.0
|
1 | |
|
IBM Security Guardium 11.5
IBM / Security Guardium
|
cpe:/a:ibm:security_guardium:11.5
|
11.5 |
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Apache Tomcat ist ein Web-Applikationsserver f\u00fcr verschiedene Plattformen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Apache Tomcat ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- MacOS X\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2628 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2628.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2628 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2628"
},
{
"category": "external",
"summary": "Apache Tomcat 8 Changelog vom 2023-10-10",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.94"
},
{
"category": "external",
"summary": "Apache Tomcat 9 Changelog vom 2023-10-10",
"url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.81"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5522 vom 2023-10-11",
"url": "https://www.debian.org/security/2023/dsa-5522"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5521 vom 2023-10-11",
"url": "https://www.debian.org/security/2023/dsa-5521"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3617 vom 2023-10-13",
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASTOMCAT8.5-2023-016 vom 2023-10-18",
"url": "https://alas.aws.amazon.com/AL2/ALASTOMCAT8.5-2023-016.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASTOMCAT9-2023-010 vom 2023-10-18",
"url": "https://alas.aws.amazon.com/AL2/ALASTOMCAT9-2023-010.html"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-G8PJ-R55Q-5C2V vom 2023-10-18",
"url": "https://github.com/vaadin/platform/releases/tag/24.2.0"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:4129-1 vom 2023-10-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-October/016747.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5928 vom 2023-10-20",
"url": "https://access.redhat.com/errata/RHSA-2023:5928"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5929 vom 2023-10-19",
"url": "https://access.redhat.com/errata/RHSA-2023:5929"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5929 vom 2023-10-19",
"url": "https://access.redhat.com/errata/RHSA-2023:5929.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2023-1868 vom 2023-10-19",
"url": "https://alas.aws.amazon.com/ALAS-2023-1868.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-5929 vom 2023-10-24",
"url": "https://linux.oracle.com/errata/ELSA-2023-5929.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-5928 vom 2023-10-25",
"url": "http://linux.oracle.com/errata/ELSA-2023-5928.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:6145 vom 2023-10-27",
"url": "https://access.redhat.com/errata/RHSA-2023:6145"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-6120 vom 2023-10-27",
"url": "https://linux.oracle.com/errata/ELSA-2023-6120.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:6207 vom 2023-10-31",
"url": "https://access.redhat.com/errata/RHSA-2023:6207"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:6206 vom 2023-10-31",
"url": "https://access.redhat.com/errata/RHSA-2023:6206"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:4337-1 vom 2023-11-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-November/016986.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:4423-1 vom 2023-11-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-November/017018.html"
},
{
"category": "external",
"summary": "Camunda Security Notice 97 vom 2023-11-13",
"url": "https://docs.camunda.org/security/notices/"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7072626 vom 2023-11-14",
"url": "https://www.ibm.com/support/pages/node/7072626"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7247 vom 2023-11-16",
"url": "https://access.redhat.com/errata/RHSA-2023:7247"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7076274 vom 2023-11-15",
"url": "https://www.ibm.com/support/pages/node/7076274"
},
{
"category": "external",
"summary": "IBM Security Bulletin",
"url": "https://www.ibm.com/support/pages/node/7082717"
},
{
"category": "external",
"summary": "Xerox Security Bulletin XRX23-021",
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2023/11/XRX23-021_FFPSv2_Win10_SecurityBulletin_Nov2023.pdf"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7623 vom 2023-12-07",
"url": "https://access.redhat.com/errata/RHSA-2023:7623"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7625 vom 2023-12-07",
"url": "https://access.redhat.com/errata/RHSA-2023:7625"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7626 vom 2023-12-07",
"url": "https://access.redhat.com/errata/RHSA-2023:7626"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7099297 vom 2023-12-18",
"url": "https://www.ibm.com/support/pages/node/7099297"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7105133 vom 2024-01-05",
"url": "http://www.ibm.com/support/pages/node/7105133"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0125 vom 2024-01-10",
"url": "https://access.redhat.com/errata/RHSA-2024:0125"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-0125 vom 2024-01-11",
"url": "https://linux.oracle.com/errata/ELSA-2024-0125.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7107757 vom 2024-01-16",
"url": "https://www.ibm.com/support/pages/node/7107757"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7107755 vom 2024-01-16",
"url": "https://www.ibm.com/support/pages/node/7107755"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7111624 vom 2024-01-24",
"url": "https://www.ibm.com/support/pages/node/7111624"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0474 vom 2024-01-25",
"url": "https://access.redhat.com/errata/RHSA-2024:0474"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-0474 vom 2024-01-25",
"url": "https://linux.oracle.com/errata/ELSA-2024-0474.html"
},
{
"category": "external",
"summary": "DELL Security Update",
"url": "https://www.dell.com/support/kbdoc/de-de/000221476/dsa-2024-058-security-update-for-dell-networker-vproxy-multiple-components-vulnerabilities"
},
{
"category": "external",
"summary": "Hitachi Vulnerability Information HITACHI-SEC-2024-107 vom 2024-01-30",
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-107/index.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0472-1 vom 2024-02-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-February/017913.html"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2024-133 vom 2024-03-12",
"url": "https://www.dell.com/support/kbdoc/000223002/dsa-2024-="
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASTOMCAT9-2024-012 vom 2024-03-19",
"url": "https://alas.aws.amazon.com/AL2/ALASTOMCAT9-2024-012.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-2501 vom 2024-03-19",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2501.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7114769 vom 2024-04-30",
"url": "https://www.ibm.com/support/pages/node/7114769"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7156539 vom 2024-06-18",
"url": "https://www.ibm.com/support/pages/node/7156539"
},
{
"category": "external",
"summary": "Hitachi Vulnerability Information HITACHI-SEC-2024-134 vom 2024-07-02",
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-134/index.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4631 vom 2024-07-18",
"url": "https://access.redhat.com/errata/RHSA-2024:4631"
},
{
"category": "external",
"summary": "Hitachi Vulnerability Information HITACHI-SEC-2024-126 vom 2024-08-06",
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-126/index.html"
},
{
"category": "external",
"summary": "Brocade Security Advisory BSA-2024-2429 vom 2024-11-02",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25158"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7106-1 vom 2024-11-18",
"url": "https://ubuntu.com/security/notices/USN-7106-1"
},
{
"category": "external",
"summary": "F5 Security Advisory K000138178 vom 2025-01-17",
"url": "https://my.f5.com/manage/s/article/K000138178"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2025-2812 vom 2025-04-02",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2025-2812.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7410-1 vom 2025-04-07",
"url": "https://ubuntu.com/security/notices/USN-7410-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7469-1 vom 2025-04-28",
"url": "https://ubuntu.com/security/notices/USN-7469-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7469-2 vom 2025-04-28",
"url": "https://ubuntu.com/security/notices/USN-7469-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7562-1 vom 2025-06-10",
"url": "https://ubuntu.com/security/notices/USN-7562-1"
},
{
"category": "external",
"summary": "Deell Security Update",
"url": "https://www.dell.com/support/kbdoc/en-us/000281732/dsa-2025-075-security-update-for-dell-data-protection-advisor-for-multiple-component-vulnerabilities"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2026-152 vom 2026-03-23",
"url": "https://www.dell.com/support/kbdoc/de-de/000443243/dsa-2026-152-dell-secure-connect-gateway-security-update-for-multiple-third-party-component-vulnerabilities"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1058-1 vom 2026-03-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024949.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-25090 vom 2026-06-17",
"url": "https://linux.oracle.com/errata/ELSA-2026-25090.html"
}
],
"source_lang": "en-US",
"title": "Apache Tomcat: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-06-17T22:00:00.000+00:00",
"generator": {
"date": "2026-06-18T08:30:01.217+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2023-2628",
"initial_release_date": "2023-10-10T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-10-10T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-10-15T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2023-10-17T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2023-10-18T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Open Source aufgenommen"
},
{
"date": "2023-10-19T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat und Amazon aufgenommen"
},
{
"date": "2023-10-23T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2023-10-24T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2023-10-26T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-10-29T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2023-10-31T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-11-02T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-11-13T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-11-14T23:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von IBM und IBM-APAR aufgenommen"
},
{
"date": "2023-11-15T23:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Red Hat und IBM aufgenommen"
},
{
"date": "2023-11-26T23:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-11-28T23:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von XEROX aufgenommen"
},
{
"date": "2023-12-07T23:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-12-18T23:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-01-04T23:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von IBM und IBM-APAR aufgenommen"
},
{
"date": "2024-01-10T23:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-01-11T23:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-01-15T23:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-01-24T23:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-01-25T23:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
},
{
"date": "2024-01-28T23:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2024-01-29T23:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von HITACHI aufgenommen"
},
{
"date": "2024-02-14T23:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-03-12T23:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2024-03-18T23:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-05-01T22:00:00.000+00:00",
"number": "30",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-06-17T22:00:00.000+00:00",
"number": "31",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-07-01T22:00:00.000+00:00",
"number": "32",
"summary": "Neue Updates von HITACHI aufgenommen"
},
{
"date": "2024-07-18T22:00:00.000+00:00",
"number": "33",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-08-05T22:00:00.000+00:00",
"number": "34",
"summary": "Neue Updates von HITACHI aufgenommen"
},
{
"date": "2024-11-03T23:00:00.000+00:00",
"number": "35",
"summary": "Neue Updates von BROCADE aufgenommen"
},
{
"date": "2024-11-17T23:00:00.000+00:00",
"number": "36",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-01-19T23:00:00.000+00:00",
"number": "37",
"summary": "Neue Updates von F5 aufgenommen"
},
{
"date": "2025-04-01T22:00:00.000+00:00",
"number": "38",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2025-04-07T22:00:00.000+00:00",
"number": "39",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-04-28T22:00:00.000+00:00",
"number": "40",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-06-09T22:00:00.000+00:00",
"number": "41",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2026-01-25T23:00:00.000+00:00",
"number": "42",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2026-03-23T23:00:00.000+00:00",
"number": "43",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2026-03-26T23:00:00.000+00:00",
"number": "44",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-06-17T22:00:00.000+00:00",
"number": "45",
"summary": "Neue Updates von Oracle Linux aufgenommen"
}
],
"status": "final",
"version": "45"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c8.5.94",
"product": {
"name": "Apache Tomcat \u003c8.5.94",
"product_id": "T030426"
}
},
{
"category": "product_version",
"name": "8.5.94",
"product": {
"name": "Apache Tomcat 8.5.94",
"product_id": "T030426-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:tomcat:8.5.94"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.0.81",
"product": {
"name": "Apache Tomcat \u003c9.0.81",
"product_id": "T030427"
}
},
{
"category": "product_version",
"name": "9.0.81",
"product": {
"name": "Apache Tomcat 9.0.81",
"product_id": "T030427-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:tomcat:9.0.81"
}
}
}
],
"category": "product_name",
"name": "Tomcat"
}
],
"category": "vendor",
"name": "Apache"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2.3.1",
"product": {
"name": "Broadcom Brocade SANnav \u003c2.3.1",
"product_id": "T034139"
}
},
{
"category": "product_version",
"name": "2.3.1",
"product": {
"name": "Broadcom Brocade SANnav 2.3.1",
"product_id": "T034139-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:broadcom:brocade_sannav:2.3.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c2.3.0a",
"product": {
"name": "Broadcom Brocade SANnav \u003c2.3.0a",
"product_id": "T034294"
}
},
{
"category": "product_version",
"name": "2.3.0a",
"product": {
"name": "Broadcom Brocade SANnav 2.3.0a",
"product_id": "T034294-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:broadcom:brocade_sannav:2.3.0a"
}
}
}
],
"category": "product_name",
"name": "Brocade SANnav"
}
],
"category": "vendor",
"name": "Broadcom"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c19.12",
"product": {
"name": "Dell Data Protection Advisor \u003c19.12",
"product_id": "T050283"
}
},
{
"category": "product_version",
"name": "19.12",
"product": {
"name": "Dell Data Protection Advisor 19.12",
"product_id": "T050283-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:data_protection_advisor:19.12"
}
}
}
],
"category": "product_name",
"name": "Data Protection Advisor"
},
{
"branches": [
{
"category": "product_name",
"name": "Dell NetWorker",
"product": {
"name": "Dell NetWorker",
"product_id": "T024663",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:-"
}
}
},
{
"category": "product_version_range",
"name": "vProxy\u003c19.9.0.4",
"product": {
"name": "Dell NetWorker vProxy\u003c19.9.0.4",
"product_id": "T032377"
}
},
{
"category": "product_version",
"name": "vProxy19.9.0.4",
"product": {
"name": "Dell NetWorker vProxy19.9.0.4",
"product_id": "T032377-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:vproxy_19.9.0.4"
}
}
},
{
"category": "product_version_range",
"name": "vProxy\u003c19.10",
"product": {
"name": "Dell NetWorker vProxy\u003c19.10",
"product_id": "T032378"
}
},
{
"category": "product_version",
"name": "vProxy19.10",
"product": {
"name": "Dell NetWorker vProxy19.10",
"product_id": "T032378-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:vproxy_19.10"
}
}
}
],
"category": "product_name",
"name": "NetWorker"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c5.34.00.16",
"product": {
"name": "Dell Secure Connect Gateway \u003c5.34.00.16",
"product_id": "T052048"
}
},
{
"category": "product_version",
"name": "5.34.00.16",
"product": {
"name": "Dell Secure Connect Gateway 5.34.00.16",
"product_id": "T052048-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:secure_connect_gateway:5.34.00.16"
}
}
}
],
"category": "product_name",
"name": "Secure Connect Gateway"
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "15.1.0-15.1.10",
"product": {
"name": "F5 BIG-IP 15.1.0-15.1.10",
"product_id": "T034902",
"product_identification_helper": {
"cpe": "cpe:/a:f5:big-ip:15.1.0_-_15.1.10"
}
}
},
{
"category": "product_version",
"name": "16.1.0-16.1.5",
"product": {
"name": "F5 BIG-IP 16.1.0-16.1.5",
"product_id": "T037028",
"product_identification_helper": {
"cpe": "cpe:/a:f5:big-ip:16.1.0_-_16.1.5"
}
}
},
{
"category": "product_version",
"name": "17.1.0-17.1.2",
"product": {
"name": "F5 BIG-IP 17.1.0-17.1.2",
"product_id": "T040213",
"product_identification_helper": {
"cpe": "cpe:/a:f5:big-ip:17.1.0_-_17.1.2"
}
}
}
],
"category": "product_name",
"name": "BIG-IP"
}
],
"category": "vendor",
"name": "F5"
},
{
"branches": [
{
"category": "product_name",
"name": "Hitachi Ops Center",
"product": {
"name": "Hitachi Ops Center",
"product_id": "T017562",
"product_identification_helper": {
"cpe": "cpe:/a:hitachi:ops_center:-"
}
}
}
],
"category": "vendor",
"name": "Hitachi"
},
{
"branches": [
{
"category": "product_name",
"name": "IBM FlashSystem",
"product": {
"name": "IBM FlashSystem",
"product_id": "T025159",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:flashsystem:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "10.1-10.1.0.2",
"product": {
"name": "IBM Integration Bus 10.1-10.1.0.2",
"product_id": "T031084",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:integration_bus:10.1_-_10.1.0.2"
}
}
}
],
"category": "product_name",
"name": "Integration Bus"
},
{
"category": "product_name",
"name": "IBM Operational Decision Manager",
"product": {
"name": "IBM Operational Decision Manager",
"product_id": "T005180",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:operational_decision_manager:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "V10",
"product": {
"name": "IBM Power Hardware Management Console V10",
"product_id": "T023373",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:hardware_management_console:v10"
}
}
}
],
"category": "product_name",
"name": "Power Hardware Management Console"
},
{
"branches": [
{
"category": "product_version",
"name": "7.5",
"product": {
"name": "IBM QRadar SIEM 7.5",
"product_id": "T022954",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5"
}
}
}
],
"category": "product_name",
"name": "QRadar SIEM"
},
{
"branches": [
{
"category": "product_version",
"name": "8.0.0.24",
"product": {
"name": "IBM Rational Build Forge 8.0.0.24",
"product_id": "T030689",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:rational_build_forge:8.0.0.24"
}
}
}
],
"category": "product_name",
"name": "Rational Build Forge"
},
{
"category": "product_name",
"name": "IBM SAN Volume Controller",
"product": {
"name": "IBM SAN Volume Controller",
"product_id": "T002782",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:san_volume_controller:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "11.5",
"product": {
"name": "IBM Security Guardium 11.5",
"product_id": "1411051",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:security_guardium:11.5"
}
}
}
],
"category": "product_name",
"name": "Security Guardium"
},
{
"branches": [
{
"category": "product_version",
"name": "V5000",
"product": {
"name": "IBM Storwize V5000",
"product_id": "T020641",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:storwize:v5000"
}
}
},
{
"category": "product_name",
"name": "IBM Storwize",
"product": {
"name": "IBM Storwize",
"product_id": "T021621",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:storwize:-"
}
}
}
],
"category": "product_name",
"name": "Storwize"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.21.0-alpha1",
"product": {
"name": "Open Source Camunda \u003c7.21.0-alpha1",
"product_id": "T031061"
}
},
{
"category": "product_version",
"name": "7.21.0-alpha1",
"product": {
"name": "Open Source Camunda 7.21.0-alpha1",
"product_id": "T031061-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:camunda:camunda:7.21.0-alpha1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.20.1",
"product": {
"name": "Open Source Camunda \u003c7.20.1",
"product_id": "T031062"
}
},
{
"category": "product_version",
"name": "7.20.1",
"product": {
"name": "Open Source Camunda 7.20.1",
"product_id": "T031062-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:camunda:camunda:7.20.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.19.8",
"product": {
"name": "Open Source Camunda \u003c7.19.8",
"product_id": "T031063"
}
},
{
"category": "product_version",
"name": "7.19.8",
"product": {
"name": "Open Source Camunda 7.19.8",
"product_id": "T031063-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:camunda:camunda:7.19.8"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.18.12",
"product": {
"name": "Open Source Camunda \u003c7.18.12",
"product_id": "T031064"
}
},
{
"category": "product_version",
"name": "7.18.12",
"product": {
"name": "Open Source Camunda 7.18.12",
"product_id": "T031064-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:camunda:camunda:7.18.12"
}
}
},
{
"category": "product_version_range",
"name": "RPA Bridge \u003c1.1.10",
"product": {
"name": "Open Source Camunda RPA Bridge \u003c1.1.10",
"product_id": "T031065"
}
},
{
"category": "product_version",
"name": "RPA Bridge 1.1.10",
"product": {
"name": "Open Source Camunda RPA Bridge 1.1.10",
"product_id": "T031065-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:camunda:camunda:rpa_bridge__1.1.10"
}
}
}
],
"category": "product_name",
"name": "Camunda"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c24.2.0",
"product": {
"name": "Open Source Vaadin \u003c24.2.0",
"product_id": "T030676"
}
},
{
"category": "product_version",
"name": "24.2.0",
"product": {
"name": "Open Source Vaadin 24.2.0",
"product_id": "T030676-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:vaadin:vaadin:24.2.0"
}
}
}
],
"category": "product_name",
"name": "Vaadin"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "1",
"product": {
"name": "Red Hat JBoss Core Services 1",
"product_id": "459970",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_core_services:1.0"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Core Services",
"product": {
"name": "Red Hat JBoss Core Services",
"product_id": "T012412",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_core_services:-"
}
}
}
],
"category": "product_name",
"name": "JBoss Core Services"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c5.7.7",
"product": {
"name": "Red Hat JBoss Web Server \u003c5.7.7",
"product_id": "T031508"
}
},
{
"category": "product_version",
"name": "5.7.7",
"product": {
"name": "Red Hat JBoss Web Server 5.7.7",
"product_id": "T031508-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.7.7"
}
}
}
],
"category": "product_name",
"name": "JBoss Web Server"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "v2 / Windows 10",
"product": {
"name": "Xerox FreeFlow Print Server v2 / Windows 10",
"product_id": "T031383",
"product_identification_helper": {
"cpe": "cpe:/a:xerox:freeflow_print_server:v2__windows_10"
}
}
}
],
"category": "product_name",
"name": "FreeFlow Print Server"
}
],
"category": "vendor",
"name": "Xerox"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-42794",
"product_status": {
"known_affected": [
"67646",
"T034902",
"T012412",
"T030426",
"T030689",
"T004914",
"T020641",
"T024663",
"T005180",
"398363",
"T031508",
"T025159",
"T040213",
"T023373",
"T034139",
"T032377",
"T002782",
"T032378",
"T050283",
"T030676",
"T031061",
"T031063",
"T037028",
"T031062",
"T031084",
"T034294",
"T031065",
"T031064",
"T031383",
"T052048",
"T017562",
"T022954",
"T021621",
"2951",
"T002207",
"T000126",
"T030427",
"459970",
"1411051"
]
},
"release_date": "2023-10-10T22:00:00.000+00:00",
"title": "CVE-2023-42794"
},
{
"cve": "CVE-2023-42795",
"product_status": {
"known_affected": [
"67646",
"T034902",
"T012412",
"T030426",
"T030689",
"T004914",
"T020641",
"T024663",
"T005180",
"398363",
"T031508",
"T025159",
"T040213",
"T023373",
"T034139",
"T032377",
"T002782",
"T032378",
"T050283",
"T030676",
"T031061",
"T031063",
"T037028",
"T031062",
"T031084",
"T034294",
"T031065",
"T031064",
"T031383",
"T052048",
"T017562",
"T022954",
"T021621",
"2951",
"T002207",
"T000126",
"T030427",
"459970",
"1411051"
]
},
"release_date": "2023-10-10T22:00:00.000+00:00",
"title": "CVE-2023-42795"
},
{
"cve": "CVE-2023-44487",
"product_status": {
"known_affected": [
"67646",
"T034902",
"T012412",
"T030426",
"T030689",
"T004914",
"T020641",
"T024663",
"T005180",
"398363",
"T031508",
"T025159",
"T040213",
"T023373",
"T034139",
"T032377",
"T002782",
"T032378",
"T050283",
"T030676",
"T031061",
"T031063",
"T037028",
"T031062",
"T031084",
"T034294",
"T031065",
"T031064",
"T031383",
"T052048",
"T017562",
"T022954",
"T021621",
"2951",
"T002207",
"T000126",
"T030427",
"459970",
"1411051"
]
},
"release_date": "2023-10-10T22:00:00.000+00:00",
"title": "CVE-2023-44487"
},
{
"cve": "CVE-2023-45648",
"product_status": {
"known_affected": [
"67646",
"T034902",
"T012412",
"T030426",
"T030689",
"T004914",
"T020641",
"T024663",
"T005180",
"398363",
"T031508",
"T025159",
"T040213",
"T023373",
"T034139",
"T032377",
"T002782",
"T032378",
"T050283",
"T030676",
"T031061",
"T031063",
"T037028",
"T031062",
"T031084",
"T034294",
"T031065",
"T031064",
"T031383",
"T052048",
"T017562",
"T022954",
"T021621",
"2951",
"T002207",
"T000126",
"T030427",
"459970",
"1411051"
]
},
"release_date": "2023-10-10T22:00:00.000+00:00",
"title": "CVE-2023-45648"
}
]
}
WID-SEC-W-2023-2655
Vulnerability from csaf_certbund - Published: 2023-10-15 22:00 - Updated: 2025-12-03 23:00| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell NetWorker vProxy<19.9.0.4
Dell / NetWorker
|
vProxy<19.9.0.4 | ||
|
Open Source Node.js <18.18.2
Open Source / Node.js
|
<18.18.2 | ||
|
IBM App Connect Enterprise 12.0.1.0-12.0.10.0
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.10.0
|
12.0.1.0-12.0.10.0 | |
|
Dell NetWorker vProxy<19.10
Dell / NetWorker
|
vProxy<19.10 | ||
|
Open Source Node.js <20.8.1
Open Source / Node.js
|
<20.8.1 | ||
|
Jenkins Jenkins <weekly 2.428
Jenkins / Jenkins
|
<weekly 2.428 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Jenkins Jenkins <LTS 2.414.3
Jenkins / Jenkins
|
<LTS 2.414.3 | ||
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Xerox FreeFlow Print Server v7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v7
|
v7 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM Business Automation Workflow
IBM
|
cpe:/a:ibm:business_automation_workflow:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell NetWorker vProxy<19.9.0.4
Dell / NetWorker
|
vProxy<19.9.0.4 | ||
|
Open Source Node.js <18.18.2
Open Source / Node.js
|
<18.18.2 | ||
|
IBM App Connect Enterprise 12.0.1.0-12.0.10.0
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.10.0
|
12.0.1.0-12.0.10.0 | |
|
Dell NetWorker vProxy<19.10
Dell / NetWorker
|
vProxy<19.10 | ||
|
Open Source Node.js <20.8.1
Open Source / Node.js
|
<20.8.1 | ||
|
Jenkins Jenkins <weekly 2.428
Jenkins / Jenkins
|
<weekly 2.428 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Jenkins Jenkins <LTS 2.414.3
Jenkins / Jenkins
|
<LTS 2.414.3 | ||
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Xerox FreeFlow Print Server v7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v7
|
v7 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM Business Automation Workflow
IBM
|
cpe:/a:ibm:business_automation_workflow:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell NetWorker vProxy<19.9.0.4
Dell / NetWorker
|
vProxy<19.9.0.4 | ||
|
Open Source Node.js <18.18.2
Open Source / Node.js
|
<18.18.2 | ||
|
IBM App Connect Enterprise 12.0.1.0-12.0.10.0
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.10.0
|
12.0.1.0-12.0.10.0 | |
|
Dell NetWorker vProxy<19.10
Dell / NetWorker
|
vProxy<19.10 | ||
|
Open Source Node.js <20.8.1
Open Source / Node.js
|
<20.8.1 | ||
|
Jenkins Jenkins <weekly 2.428
Jenkins / Jenkins
|
<weekly 2.428 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Jenkins Jenkins <LTS 2.414.3
Jenkins / Jenkins
|
<LTS 2.414.3 | ||
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Xerox FreeFlow Print Server v7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v7
|
v7 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM Business Automation Workflow
IBM
|
cpe:/a:ibm:business_automation_workflow:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell NetWorker vProxy<19.9.0.4
Dell / NetWorker
|
vProxy<19.9.0.4 | ||
|
Open Source Node.js <18.18.2
Open Source / Node.js
|
<18.18.2 | ||
|
IBM App Connect Enterprise 12.0.1.0-12.0.10.0
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.10.0
|
12.0.1.0-12.0.10.0 | |
|
Dell NetWorker vProxy<19.10
Dell / NetWorker
|
vProxy<19.10 | ||
|
Open Source Node.js <20.8.1
Open Source / Node.js
|
<20.8.1 | ||
|
Jenkins Jenkins <weekly 2.428
Jenkins / Jenkins
|
<weekly 2.428 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Jenkins Jenkins <LTS 2.414.3
Jenkins / Jenkins
|
<LTS 2.414.3 | ||
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Xerox FreeFlow Print Server v7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v7
|
v7 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM Business Automation Workflow
IBM
|
cpe:/a:ibm:business_automation_workflow:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell NetWorker vProxy<19.9.0.4
Dell / NetWorker
|
vProxy<19.9.0.4 | ||
|
Open Source Node.js <18.18.2
Open Source / Node.js
|
<18.18.2 | ||
|
IBM App Connect Enterprise 12.0.1.0-12.0.10.0
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.10.0
|
12.0.1.0-12.0.10.0 | |
|
Dell NetWorker vProxy<19.10
Dell / NetWorker
|
vProxy<19.10 | ||
|
Open Source Node.js <20.8.1
Open Source / Node.js
|
<20.8.1 | ||
|
Jenkins Jenkins <weekly 2.428
Jenkins / Jenkins
|
<weekly 2.428 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Jenkins Jenkins <LTS 2.414.3
Jenkins / Jenkins
|
<LTS 2.414.3 | ||
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Xerox FreeFlow Print Server v7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v7
|
v7 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM Business Automation Workflow
IBM
|
cpe:/a:ibm:business_automation_workflow:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell NetWorker vProxy<19.9.0.4
Dell / NetWorker
|
vProxy<19.9.0.4 | ||
|
Open Source Node.js <18.18.2
Open Source / Node.js
|
<18.18.2 | ||
|
IBM App Connect Enterprise 12.0.1.0-12.0.10.0
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.10.0
|
12.0.1.0-12.0.10.0 | |
|
Dell NetWorker vProxy<19.10
Dell / NetWorker
|
vProxy<19.10 | ||
|
Open Source Node.js <20.8.1
Open Source / Node.js
|
<20.8.1 | ||
|
Jenkins Jenkins <weekly 2.428
Jenkins / Jenkins
|
<weekly 2.428 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Jenkins Jenkins <LTS 2.414.3
Jenkins / Jenkins
|
<LTS 2.414.3 | ||
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Xerox FreeFlow Print Server v7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v7
|
v7 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM Business Automation Workflow
IBM
|
cpe:/a:ibm:business_automation_workflow:-
|
— |
{
"document": {
"aggregate_severity": {
"text": "kritisch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Node.js ist eine Plattform zur Entwicklung von Netzwerkanwendungen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, authentisierter oder anonymer Angreifer kann mehrere Schwachstellen in Node.js ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2655 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2655.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2655 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2655"
},
{
"category": "external",
"summary": "NodeJS Security Release vom 2023-10-13",
"url": "https://nodejs.org/en/blog/release/v20.8.1"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-4D2FD884EA vom 2023-10-17",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-4d2fd884ea"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5764 vom 2023-10-17",
"url": "https://access.redhat.com/errata/RHSA-2023:5764"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5765 vom 2023-10-17",
"url": "https://access.redhat.com/errata/RHSA-2023:5765"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-F66FC0F62A vom 2023-10-17",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-f66fc0f62a"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-E9C04D81C1 vom 2023-10-17",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-e9c04d81c1"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-DBE64661AF vom 2023-10-17",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-dbe64661af"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-D5030C983C vom 2023-10-17",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-d5030c983c"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-7B52921CAE vom 2023-10-17",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-7b52921cae"
},
{
"category": "external",
"summary": "Node.js Friday October 13 2023 Security Releases vom 2023-10-13",
"url": "https://nodejs.org/en/blog/vulnerability/october-2023-security-releases"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5869 vom 2023-10-19",
"url": "https://access.redhat.com/errata/RHSA-2023:5869.html"
},
{
"category": "external",
"summary": "Jenkins Security Advisory 2023-10-18",
"url": "https://www.jenkins.io/security/advisory/2023-10-18/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5850 vom 2023-10-19",
"url": "https://access.redhat.com/errata/RHSA-2023:5850"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5849 vom 2023-10-19",
"url": "https://access.redhat.com/errata/RHSA-2023:5849"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:4132-1 vom 2023-10-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-October/016755.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:4133-1 vom 2023-10-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-October/016754.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:4150-1 vom 2023-10-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-October/016768.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-5869 vom 2023-10-23",
"url": "https://linux.oracle.com/errata/ELSA-2023-5869.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:4155-1 vom 2023-10-23",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-October/016810.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-5849 vom 2023-10-24",
"url": "http://linux.oracle.com/errata/ELSA-2023-5849.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-5850 vom 2023-10-24",
"url": "http://linux.oracle.com/errata/ELSA-2023-5850.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-5765 vom 2023-10-24",
"url": "http://linux.oracle.com/errata/ELSA-2023-5765.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:4207-1 vom 2023-10-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-October/016859.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:4259-1 vom 2023-10-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-October/016918.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:4295-1 vom 2023-10-31",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-October/016945.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:4374-1 vom 2023-11-06",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-November/016996.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:4373-1 vom 2023-11-06",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-November/016997.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7205 vom 2023-11-15",
"url": "https://access.redhat.com/errata/RHSA-2023:7205"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-7205 vom 2023-11-23",
"url": "https://linux.oracle.com/errata/ELSA-2023-7205.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5589 vom 2023-12-28",
"url": "https://lists.debian.org/debian-security-announce/2023/msg00286.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7108595 vom 2024-01-17",
"url": "https://www.ibm.com/support/pages/node/7108595"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7108824 vom 2024-01-18",
"url": "https://www.ibm.com/support/pages/node/7108824"
},
{
"category": "external",
"summary": "DELL Security Update",
"url": "https://www.dell.com/support/kbdoc/de-de/000221476/dsa-2024-058-security-update-for-dell-networker-vproxy-multiple-components-vulnerabilities"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7114471 vom 2024-02-02",
"url": "https://www.ibm.com/support/pages/node/7114471"
},
{
"category": "external",
"summary": "XEROX Security Advisory XRX24-004 vom 2024-03-04",
"url": "https://security.business.xerox.com/wp-content/uploads/2024/03/Xerox%C2%AE-Security-Bulletin-XRX24-004-Xerox%C2%AE-FreeFlow%C2%AE-Print-Server-v7.pdf"
},
{
"category": "external",
"summary": "XEROX Security Advisory XRX24-005 vom 2024-03-04",
"url": "https://security.business.xerox.com/wp-content/uploads/2024/03/Xerox-Security-Bulletin-XRX24-005-Xerox-FreeFlow%C2%AE-Print-Server-v9_Feb-2024.pdf"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1444 vom 2024-03-20",
"url": "https://access.redhat.com/errata/RHSA-2024:1444"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-1444 vom 2024-03-21",
"url": "https://linux.oracle.com/errata/ELSA-2024-1444.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:1444 vom 2024-03-27",
"url": "https://errata.build.resf.org/RLSA-2024:1444"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7469-3 vom 2025-04-29",
"url": "https://ubuntu.com/security/notices/USN-7469-3"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202505-11 vom 2025-05-14",
"url": "https://security.gentoo.org/glsa/202505-11"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2023:5869 vom 2025-12-04",
"url": "https://errata.build.resf.org/RLSA-2023:5869"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2023:5849 vom 2025-12-04",
"url": "https://errata.build.resf.org/RLSA-2023:5849"
}
],
"source_lang": "en-US",
"title": "Node.js: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-12-03T23:00:00.000+00:00",
"generator": {
"date": "2025-12-04T11:17:16.969+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2023-2655",
"initial_release_date": "2023-10-15T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-10-15T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-10-17T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Fedora und Red Hat aufgenommen"
},
{
"date": "2023-10-18T22:00:00.000+00:00",
"number": "3",
"summary": "Node.js LTS Version erg\u00e4nzt"
},
{
"date": "2023-10-19T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-10-22T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-10-23T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Oracle Linux und SUSE aufgenommen"
},
{
"date": "2023-10-24T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2023-10-26T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-10-30T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-10-31T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-11-06T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-11-14T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-11-22T23:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2023-12-27T23:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2024-01-16T23:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-01-18T23:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-01-28T23:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2024-02-04T23:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-03-03T23:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von XEROX aufgenommen"
},
{
"date": "2024-03-20T23:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-03-21T23:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-03-26T23:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2025-04-29T22:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-05-14T22:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von Gentoo aufgenommen"
},
{
"date": "2025-12-03T23:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
}
],
"status": "final",
"version": "25"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vProxy\u003c19.9.0.4",
"product": {
"name": "Dell NetWorker vProxy\u003c19.9.0.4",
"product_id": "T032377"
}
},
{
"category": "product_version",
"name": "vProxy19.9.0.4",
"product": {
"name": "Dell NetWorker vProxy19.9.0.4",
"product_id": "T032377-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:vproxy_19.9.0.4"
}
}
},
{
"category": "product_version_range",
"name": "vProxy\u003c19.10",
"product": {
"name": "Dell NetWorker vProxy\u003c19.10",
"product_id": "T032378"
}
},
{
"category": "product_version",
"name": "vProxy19.10",
"product": {
"name": "Dell NetWorker vProxy19.10",
"product_id": "T032378-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:vproxy_19.10"
}
}
}
],
"category": "product_name",
"name": "NetWorker"
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"category": "product_name",
"name": "Gentoo Linux",
"product": {
"name": "Gentoo Linux",
"product_id": "T012167",
"product_identification_helper": {
"cpe": "cpe:/o:gentoo:linux:-"
}
}
}
],
"category": "vendor",
"name": "Gentoo"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "12.0.1.0-12.0.10.0",
"product": {
"name": "IBM App Connect Enterprise 12.0.1.0-12.0.10.0",
"product_id": "T032246",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.10.0"
}
}
},
{
"category": "product_name",
"name": "IBM App Connect Enterprise",
"product": {
"name": "IBM App Connect Enterprise",
"product_id": "T032495",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:-"
}
}
}
],
"category": "product_name",
"name": "App Connect Enterprise"
},
{
"category": "product_name",
"name": "IBM Business Automation Workflow",
"product": {
"name": "IBM Business Automation Workflow",
"product_id": "T019704",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:-"
}
}
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cweekly 2.428",
"product": {
"name": "Jenkins Jenkins \u003cweekly 2.428",
"product_id": "T030677"
}
},
{
"category": "product_version",
"name": "weekly 2.428",
"product": {
"name": "Jenkins Jenkins weekly 2.428",
"product_id": "T030677-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:cloudbees:jenkins:weekly_2.428"
}
}
},
{
"category": "product_version_range",
"name": "\u003cLTS 2.414.3",
"product": {
"name": "Jenkins Jenkins \u003cLTS 2.414.3",
"product_id": "T030678"
}
},
{
"category": "product_version",
"name": "LTS 2.414.3",
"product": {
"name": "Jenkins Jenkins LTS 2.414.3",
"product_id": "T030678-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:cloudbees:jenkins:lts_2.414.3"
}
}
}
],
"category": "product_name",
"name": "Jenkins"
}
],
"category": "vendor",
"name": "Jenkins"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c20.8.1",
"product": {
"name": "Open Source Node.js \u003c20.8.1",
"product_id": "T030520"
}
},
{
"category": "product_version",
"name": "20.8.1",
"product": {
"name": "Open Source Node.js 20.8.1",
"product_id": "T030520-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nodejs:nodejs:20.8.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c18.18.2",
"product": {
"name": "Open Source Node.js \u003c18.18.2",
"product_id": "T030675"
}
},
{
"category": "product_version",
"name": "18.18.2",
"product": {
"name": "Open Source Node.js 18.18.2",
"product_id": "T030675-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nodejs:nodejs:18.18.2"
}
}
}
],
"category": "product_name",
"name": "Node.js"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "v7",
"product": {
"name": "Xerox FreeFlow Print Server v7",
"product_id": "T015631",
"product_identification_helper": {
"cpe": "cpe:/a:xerox:freeflow_print_server:v7"
}
}
},
{
"category": "product_version",
"name": "v9",
"product": {
"name": "Xerox FreeFlow Print Server v9",
"product_id": "T015632",
"product_identification_helper": {
"cpe": "cpe:/a:xerox:freeflow_print_server:v9"
}
}
}
],
"category": "product_name",
"name": "FreeFlow Print Server"
}
],
"category": "vendor",
"name": "Xerox"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-38552",
"product_status": {
"known_affected": [
"T032377",
"T030675",
"T032246",
"T032378",
"T030520",
"T030677",
"67646",
"T030678",
"T015632",
"T012167",
"T015631",
"T004914",
"T032255",
"74185",
"T032495",
"2951",
"T002207",
"T000126",
"T019704"
]
},
"release_date": "2023-10-15T22:00:00.000+00:00",
"title": "CVE-2023-38552"
},
{
"cve": "CVE-2023-39331",
"product_status": {
"known_affected": [
"T032377",
"T030675",
"T032246",
"T032378",
"T030520",
"T030677",
"67646",
"T030678",
"T015632",
"T012167",
"T015631",
"T004914",
"T032255",
"74185",
"T032495",
"2951",
"T002207",
"T000126",
"T019704"
]
},
"release_date": "2023-10-15T22:00:00.000+00:00",
"title": "CVE-2023-39331"
},
{
"cve": "CVE-2023-39332",
"product_status": {
"known_affected": [
"T032377",
"T030675",
"T032246",
"T032378",
"T030520",
"T030677",
"67646",
"T030678",
"T015632",
"T012167",
"T015631",
"T004914",
"T032255",
"74185",
"T032495",
"2951",
"T002207",
"T000126",
"T019704"
]
},
"release_date": "2023-10-15T22:00:00.000+00:00",
"title": "CVE-2023-39332"
},
{
"cve": "CVE-2023-39333",
"product_status": {
"known_affected": [
"T032377",
"T030675",
"T032246",
"T032378",
"T030520",
"T030677",
"67646",
"T030678",
"T015632",
"T012167",
"T015631",
"T004914",
"T032255",
"74185",
"T032495",
"2951",
"T002207",
"T000126",
"T019704"
]
},
"release_date": "2023-10-15T22:00:00.000+00:00",
"title": "CVE-2023-39333"
},
{
"cve": "CVE-2023-44487",
"product_status": {
"known_affected": [
"T032377",
"T030675",
"T032246",
"T032378",
"T030520",
"T030677",
"67646",
"T030678",
"T015632",
"T012167",
"T015631",
"T004914",
"T032255",
"74185",
"T032495",
"2951",
"T002207",
"T000126",
"T019704"
]
},
"release_date": "2023-10-15T22:00:00.000+00:00",
"title": "CVE-2023-44487"
},
{
"cve": "CVE-2023-45143",
"product_status": {
"known_affected": [
"T032377",
"T030675",
"T032246",
"T032378",
"T030520",
"T030677",
"67646",
"T030678",
"T015632",
"T012167",
"T015631",
"T004914",
"T032255",
"74185",
"T032495",
"2951",
"T002207",
"T000126",
"T019704"
]
},
"release_date": "2023-10-15T22:00:00.000+00:00",
"title": "CVE-2023-45143"
}
]
}
WID-SEC-W-2023-2723
Vulnerability from csaf_certbund - Published: 2023-10-22 22:00 - Updated: 2025-12-14 23:00| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Developer Tools and Services 4.14
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:developer_tools_and_services_4.14
|
Developer Tools and Services 4.14 | |
|
Red Hat OpenShift Container Platform <4.13.27
Red Hat / OpenShift
|
Container Platform <4.13.27 | ||
|
Red Hat OpenShift Container Platform <4.11.56
Red Hat / OpenShift
|
Container Platform <4.11.56 | ||
|
Red Hat OpenShift Container Platform <4.12.54
Red Hat / OpenShift
|
Container Platform <4.12.54 | ||
|
Red Hat Enterprise Linux Container Native Virtualization 4.14
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:container_native_virtualization_4.14
|
Container Native Virtualization 4.14 | |
|
Red Hat OpenShift Pipelines 1.10
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:pipelines_1.10
|
Pipelines 1.10 | |
|
Red Hat OpenShift Container Platform <4.11.58
Red Hat / OpenShift
|
Container Platform <4.11.58 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.14.21
Red Hat / OpenShift
|
Container Platform <4.14.21 | ||
|
Red Hat Satellite <6.11.5.6
Red Hat / Satellite
|
<6.11.5.6 | ||
|
Red Hat OpenShift Container Platform <4.12.49
Red Hat / OpenShift
|
Container Platform <4.12.49 | ||
|
Red Hat OpenShift Container Platform <4.12.72
Red Hat / OpenShift
|
Container Platform <4.12.72 | ||
|
Red Hat Satellite <6.12.5.2
Red Hat / Satellite
|
<6.12.5.2 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.12.48
Red Hat / OpenShift
|
Container Platform <4.12.48 | ||
|
Red Hat OpenShift Container Platform <4.12.43
Red Hat / OpenShift
|
Container Platform <4.12.43 | ||
|
Red Hat OpenShift Container Platform <4.12.46
Red Hat / OpenShift
|
Container Platform <4.12.46 | ||
|
Red Hat OpenShift Container Platform <4.14.2
Red Hat / OpenShift
|
Container Platform <4.14.2 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.14.7
Red Hat / OpenShift
|
Container Platform <4.14.7 | ||
|
Red Hat OpenShift Container Platform 4.11
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.11
|
Container Platform 4.11 | |
|
Red Hat OpenShift Container Platform <4.11.55
Red Hat / OpenShift
|
Container Platform <4.11.55 | ||
|
Red Hat OpenShift Container Platform <4.13.25
Red Hat / OpenShift
|
Container Platform <4.13.25 | ||
|
Dell NetWorker vProxy<19.9.0.4
Dell / NetWorker
|
vProxy<19.9.0.4 | ||
|
Dell NetWorker vProxy<19.10
Dell / NetWorker
|
vProxy<19.10 | ||
|
Red Hat OpenShift Container Platform <4.13.31
Red Hat / OpenShift
|
Container Platform <4.13.31 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat OpenShift Container Platform 4.12
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.12
|
Container Platform 4.12 | |
|
Red Hat OpenShift Container Platform <4.14.0
Red Hat / OpenShift
|
Container Platform <4.14.0 | ||
|
Red Hat OpenShift Container Platform <4.14.8
Red Hat / OpenShift
|
Container Platform <4.14.8 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Developer Tools and Services 4.14
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:developer_tools_and_services_4.14
|
Developer Tools and Services 4.14 | |
|
Red Hat OpenShift Container Platform <4.13.27
Red Hat / OpenShift
|
Container Platform <4.13.27 | ||
|
Red Hat OpenShift Container Platform <4.11.56
Red Hat / OpenShift
|
Container Platform <4.11.56 | ||
|
Red Hat OpenShift Container Platform <4.12.54
Red Hat / OpenShift
|
Container Platform <4.12.54 | ||
|
Red Hat Enterprise Linux Container Native Virtualization 4.14
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:container_native_virtualization_4.14
|
Container Native Virtualization 4.14 | |
|
Red Hat OpenShift Pipelines 1.10
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:pipelines_1.10
|
Pipelines 1.10 | |
|
Red Hat OpenShift Container Platform <4.11.58
Red Hat / OpenShift
|
Container Platform <4.11.58 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.14.21
Red Hat / OpenShift
|
Container Platform <4.14.21 | ||
|
Red Hat Satellite <6.11.5.6
Red Hat / Satellite
|
<6.11.5.6 | ||
|
Red Hat OpenShift Container Platform <4.12.49
Red Hat / OpenShift
|
Container Platform <4.12.49 | ||
|
Red Hat OpenShift Container Platform <4.12.72
Red Hat / OpenShift
|
Container Platform <4.12.72 | ||
|
Red Hat Satellite <6.12.5.2
Red Hat / Satellite
|
<6.12.5.2 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.12.48
Red Hat / OpenShift
|
Container Platform <4.12.48 | ||
|
Red Hat OpenShift Container Platform <4.12.43
Red Hat / OpenShift
|
Container Platform <4.12.43 | ||
|
Red Hat OpenShift Container Platform <4.12.46
Red Hat / OpenShift
|
Container Platform <4.12.46 | ||
|
Red Hat OpenShift Container Platform <4.14.2
Red Hat / OpenShift
|
Container Platform <4.14.2 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.14.7
Red Hat / OpenShift
|
Container Platform <4.14.7 | ||
|
Red Hat OpenShift Container Platform 4.11
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.11
|
Container Platform 4.11 | |
|
Red Hat OpenShift Container Platform <4.11.55
Red Hat / OpenShift
|
Container Platform <4.11.55 | ||
|
Red Hat OpenShift Container Platform <4.13.25
Red Hat / OpenShift
|
Container Platform <4.13.25 | ||
|
Dell NetWorker vProxy<19.9.0.4
Dell / NetWorker
|
vProxy<19.9.0.4 | ||
|
Dell NetWorker vProxy<19.10
Dell / NetWorker
|
vProxy<19.10 | ||
|
Red Hat OpenShift Container Platform <4.13.31
Red Hat / OpenShift
|
Container Platform <4.13.31 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat OpenShift Container Platform 4.12
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.12
|
Container Platform 4.12 | |
|
Red Hat OpenShift Container Platform <4.14.0
Red Hat / OpenShift
|
Container Platform <4.14.0 | ||
|
Red Hat OpenShift Container Platform <4.14.8
Red Hat / OpenShift
|
Container Platform <4.14.8 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Developer Tools and Services 4.14
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:developer_tools_and_services_4.14
|
Developer Tools and Services 4.14 | |
|
Red Hat OpenShift Container Platform <4.13.27
Red Hat / OpenShift
|
Container Platform <4.13.27 | ||
|
Red Hat OpenShift Container Platform <4.11.56
Red Hat / OpenShift
|
Container Platform <4.11.56 | ||
|
Red Hat OpenShift Container Platform <4.12.54
Red Hat / OpenShift
|
Container Platform <4.12.54 | ||
|
Red Hat Enterprise Linux Container Native Virtualization 4.14
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:container_native_virtualization_4.14
|
Container Native Virtualization 4.14 | |
|
Red Hat OpenShift Pipelines 1.10
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:pipelines_1.10
|
Pipelines 1.10 | |
|
Red Hat OpenShift Container Platform <4.11.58
Red Hat / OpenShift
|
Container Platform <4.11.58 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.14.21
Red Hat / OpenShift
|
Container Platform <4.14.21 | ||
|
Red Hat Satellite <6.11.5.6
Red Hat / Satellite
|
<6.11.5.6 | ||
|
Red Hat OpenShift Container Platform <4.12.49
Red Hat / OpenShift
|
Container Platform <4.12.49 | ||
|
Red Hat OpenShift Container Platform <4.12.72
Red Hat / OpenShift
|
Container Platform <4.12.72 | ||
|
Red Hat Satellite <6.12.5.2
Red Hat / Satellite
|
<6.12.5.2 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.12.48
Red Hat / OpenShift
|
Container Platform <4.12.48 | ||
|
Red Hat OpenShift Container Platform <4.12.43
Red Hat / OpenShift
|
Container Platform <4.12.43 | ||
|
Red Hat OpenShift Container Platform <4.12.46
Red Hat / OpenShift
|
Container Platform <4.12.46 | ||
|
Red Hat OpenShift Container Platform <4.14.2
Red Hat / OpenShift
|
Container Platform <4.14.2 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.14.7
Red Hat / OpenShift
|
Container Platform <4.14.7 | ||
|
Red Hat OpenShift Container Platform 4.11
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.11
|
Container Platform 4.11 | |
|
Red Hat OpenShift Container Platform <4.11.55
Red Hat / OpenShift
|
Container Platform <4.11.55 | ||
|
Red Hat OpenShift Container Platform <4.13.25
Red Hat / OpenShift
|
Container Platform <4.13.25 | ||
|
Dell NetWorker vProxy<19.9.0.4
Dell / NetWorker
|
vProxy<19.9.0.4 | ||
|
Dell NetWorker vProxy<19.10
Dell / NetWorker
|
vProxy<19.10 | ||
|
Red Hat OpenShift Container Platform <4.13.31
Red Hat / OpenShift
|
Container Platform <4.13.31 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat OpenShift Container Platform 4.12
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.12
|
Container Platform 4.12 | |
|
Red Hat OpenShift Container Platform <4.14.0
Red Hat / OpenShift
|
Container Platform <4.14.0 | ||
|
Red Hat OpenShift Container Platform <4.14.8
Red Hat / OpenShift
|
Container Platform <4.14.8 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Developer Tools and Services 4.14
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:developer_tools_and_services_4.14
|
Developer Tools and Services 4.14 | |
|
Red Hat OpenShift Container Platform <4.13.27
Red Hat / OpenShift
|
Container Platform <4.13.27 | ||
|
Red Hat OpenShift Container Platform <4.11.56
Red Hat / OpenShift
|
Container Platform <4.11.56 | ||
|
Red Hat OpenShift Container Platform <4.12.54
Red Hat / OpenShift
|
Container Platform <4.12.54 | ||
|
Red Hat Enterprise Linux Container Native Virtualization 4.14
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:container_native_virtualization_4.14
|
Container Native Virtualization 4.14 | |
|
Red Hat OpenShift Pipelines 1.10
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:pipelines_1.10
|
Pipelines 1.10 | |
|
Red Hat OpenShift Container Platform <4.11.58
Red Hat / OpenShift
|
Container Platform <4.11.58 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.14.21
Red Hat / OpenShift
|
Container Platform <4.14.21 | ||
|
Red Hat Satellite <6.11.5.6
Red Hat / Satellite
|
<6.11.5.6 | ||
|
Red Hat OpenShift Container Platform <4.12.49
Red Hat / OpenShift
|
Container Platform <4.12.49 | ||
|
Red Hat OpenShift Container Platform <4.12.72
Red Hat / OpenShift
|
Container Platform <4.12.72 | ||
|
Red Hat Satellite <6.12.5.2
Red Hat / Satellite
|
<6.12.5.2 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.12.48
Red Hat / OpenShift
|
Container Platform <4.12.48 | ||
|
Red Hat OpenShift Container Platform <4.12.43
Red Hat / OpenShift
|
Container Platform <4.12.43 | ||
|
Red Hat OpenShift Container Platform <4.12.46
Red Hat / OpenShift
|
Container Platform <4.12.46 | ||
|
Red Hat OpenShift Container Platform <4.14.2
Red Hat / OpenShift
|
Container Platform <4.14.2 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.14.7
Red Hat / OpenShift
|
Container Platform <4.14.7 | ||
|
Red Hat OpenShift Container Platform 4.11
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.11
|
Container Platform 4.11 | |
|
Red Hat OpenShift Container Platform <4.11.55
Red Hat / OpenShift
|
Container Platform <4.11.55 | ||
|
Red Hat OpenShift Container Platform <4.13.25
Red Hat / OpenShift
|
Container Platform <4.13.25 | ||
|
Dell NetWorker vProxy<19.9.0.4
Dell / NetWorker
|
vProxy<19.9.0.4 | ||
|
Dell NetWorker vProxy<19.10
Dell / NetWorker
|
vProxy<19.10 | ||
|
Red Hat OpenShift Container Platform <4.13.31
Red Hat / OpenShift
|
Container Platform <4.13.31 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat OpenShift Container Platform 4.12
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.12
|
Container Platform 4.12 | |
|
Red Hat OpenShift Container Platform <4.14.0
Red Hat / OpenShift
|
Container Platform <4.14.0 | ||
|
Red Hat OpenShift Container Platform <4.14.8
Red Hat / OpenShift
|
Container Platform <4.14.8 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Developer Tools and Services 4.14
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:developer_tools_and_services_4.14
|
Developer Tools and Services 4.14 | |
|
Red Hat OpenShift Container Platform <4.13.27
Red Hat / OpenShift
|
Container Platform <4.13.27 | ||
|
Red Hat OpenShift Container Platform <4.11.56
Red Hat / OpenShift
|
Container Platform <4.11.56 | ||
|
Red Hat OpenShift Container Platform <4.12.54
Red Hat / OpenShift
|
Container Platform <4.12.54 | ||
|
Red Hat Enterprise Linux Container Native Virtualization 4.14
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:container_native_virtualization_4.14
|
Container Native Virtualization 4.14 | |
|
Red Hat OpenShift Pipelines 1.10
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:pipelines_1.10
|
Pipelines 1.10 | |
|
Red Hat OpenShift Container Platform <4.11.58
Red Hat / OpenShift
|
Container Platform <4.11.58 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.14.21
Red Hat / OpenShift
|
Container Platform <4.14.21 | ||
|
Red Hat Satellite <6.11.5.6
Red Hat / Satellite
|
<6.11.5.6 | ||
|
Red Hat OpenShift Container Platform <4.12.49
Red Hat / OpenShift
|
Container Platform <4.12.49 | ||
|
Red Hat OpenShift Container Platform <4.12.72
Red Hat / OpenShift
|
Container Platform <4.12.72 | ||
|
Red Hat Satellite <6.12.5.2
Red Hat / Satellite
|
<6.12.5.2 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.12.48
Red Hat / OpenShift
|
Container Platform <4.12.48 | ||
|
Red Hat OpenShift Container Platform <4.12.43
Red Hat / OpenShift
|
Container Platform <4.12.43 | ||
|
Red Hat OpenShift Container Platform <4.12.46
Red Hat / OpenShift
|
Container Platform <4.12.46 | ||
|
Red Hat OpenShift Container Platform <4.14.2
Red Hat / OpenShift
|
Container Platform <4.14.2 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.14.7
Red Hat / OpenShift
|
Container Platform <4.14.7 | ||
|
Red Hat OpenShift Container Platform 4.11
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.11
|
Container Platform 4.11 | |
|
Red Hat OpenShift Container Platform <4.11.55
Red Hat / OpenShift
|
Container Platform <4.11.55 | ||
|
Red Hat OpenShift Container Platform <4.13.25
Red Hat / OpenShift
|
Container Platform <4.13.25 | ||
|
Dell NetWorker vProxy<19.9.0.4
Dell / NetWorker
|
vProxy<19.9.0.4 | ||
|
Dell NetWorker vProxy<19.10
Dell / NetWorker
|
vProxy<19.10 | ||
|
Red Hat OpenShift Container Platform <4.13.31
Red Hat / OpenShift
|
Container Platform <4.13.31 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat OpenShift Container Platform 4.12
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.12
|
Container Platform 4.12 | |
|
Red Hat OpenShift Container Platform <4.14.0
Red Hat / OpenShift
|
Container Platform <4.14.0 | ||
|
Red Hat OpenShift Container Platform <4.14.8
Red Hat / OpenShift
|
Container Platform <4.14.8 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Developer Tools and Services 4.14
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:developer_tools_and_services_4.14
|
Developer Tools and Services 4.14 | |
|
Red Hat OpenShift Container Platform <4.13.27
Red Hat / OpenShift
|
Container Platform <4.13.27 | ||
|
Red Hat OpenShift Container Platform <4.11.56
Red Hat / OpenShift
|
Container Platform <4.11.56 | ||
|
Red Hat OpenShift Container Platform <4.12.54
Red Hat / OpenShift
|
Container Platform <4.12.54 | ||
|
Red Hat Enterprise Linux Container Native Virtualization 4.14
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:container_native_virtualization_4.14
|
Container Native Virtualization 4.14 | |
|
Red Hat OpenShift Pipelines 1.10
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:pipelines_1.10
|
Pipelines 1.10 | |
|
Red Hat OpenShift Container Platform <4.11.58
Red Hat / OpenShift
|
Container Platform <4.11.58 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.14.21
Red Hat / OpenShift
|
Container Platform <4.14.21 | ||
|
Red Hat Satellite <6.11.5.6
Red Hat / Satellite
|
<6.11.5.6 | ||
|
Red Hat OpenShift Container Platform <4.12.49
Red Hat / OpenShift
|
Container Platform <4.12.49 | ||
|
Red Hat OpenShift Container Platform <4.12.72
Red Hat / OpenShift
|
Container Platform <4.12.72 | ||
|
Red Hat Satellite <6.12.5.2
Red Hat / Satellite
|
<6.12.5.2 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.12.48
Red Hat / OpenShift
|
Container Platform <4.12.48 | ||
|
Red Hat OpenShift Container Platform <4.12.43
Red Hat / OpenShift
|
Container Platform <4.12.43 | ||
|
Red Hat OpenShift Container Platform <4.12.46
Red Hat / OpenShift
|
Container Platform <4.12.46 | ||
|
Red Hat OpenShift Container Platform <4.14.2
Red Hat / OpenShift
|
Container Platform <4.14.2 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.14.7
Red Hat / OpenShift
|
Container Platform <4.14.7 | ||
|
Red Hat OpenShift Container Platform 4.11
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.11
|
Container Platform 4.11 | |
|
Red Hat OpenShift Container Platform <4.11.55
Red Hat / OpenShift
|
Container Platform <4.11.55 | ||
|
Red Hat OpenShift Container Platform <4.13.25
Red Hat / OpenShift
|
Container Platform <4.13.25 | ||
|
Dell NetWorker vProxy<19.9.0.4
Dell / NetWorker
|
vProxy<19.9.0.4 | ||
|
Dell NetWorker vProxy<19.10
Dell / NetWorker
|
vProxy<19.10 | ||
|
Red Hat OpenShift Container Platform <4.13.31
Red Hat / OpenShift
|
Container Platform <4.13.31 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat OpenShift Container Platform 4.12
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.12
|
Container Platform 4.12 | |
|
Red Hat OpenShift Container Platform <4.14.0
Red Hat / OpenShift
|
Container Platform <4.14.0 | ||
|
Red Hat OpenShift Container Platform <4.14.8
Red Hat / OpenShift
|
Container Platform <4.14.8 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Developer Tools and Services 4.14
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:developer_tools_and_services_4.14
|
Developer Tools and Services 4.14 | |
|
Red Hat OpenShift Container Platform <4.13.27
Red Hat / OpenShift
|
Container Platform <4.13.27 | ||
|
Red Hat OpenShift Container Platform <4.11.56
Red Hat / OpenShift
|
Container Platform <4.11.56 | ||
|
Red Hat OpenShift Container Platform <4.12.54
Red Hat / OpenShift
|
Container Platform <4.12.54 | ||
|
Red Hat Enterprise Linux Container Native Virtualization 4.14
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:container_native_virtualization_4.14
|
Container Native Virtualization 4.14 | |
|
Red Hat OpenShift Pipelines 1.10
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:pipelines_1.10
|
Pipelines 1.10 | |
|
Red Hat OpenShift Container Platform <4.11.58
Red Hat / OpenShift
|
Container Platform <4.11.58 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.14.21
Red Hat / OpenShift
|
Container Platform <4.14.21 | ||
|
Red Hat Satellite <6.11.5.6
Red Hat / Satellite
|
<6.11.5.6 | ||
|
Red Hat OpenShift Container Platform <4.12.49
Red Hat / OpenShift
|
Container Platform <4.12.49 | ||
|
Red Hat OpenShift Container Platform <4.12.72
Red Hat / OpenShift
|
Container Platform <4.12.72 | ||
|
Red Hat Satellite <6.12.5.2
Red Hat / Satellite
|
<6.12.5.2 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.12.48
Red Hat / OpenShift
|
Container Platform <4.12.48 | ||
|
Red Hat OpenShift Container Platform <4.12.43
Red Hat / OpenShift
|
Container Platform <4.12.43 | ||
|
Red Hat OpenShift Container Platform <4.12.46
Red Hat / OpenShift
|
Container Platform <4.12.46 | ||
|
Red Hat OpenShift Container Platform <4.14.2
Red Hat / OpenShift
|
Container Platform <4.14.2 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.14.7
Red Hat / OpenShift
|
Container Platform <4.14.7 | ||
|
Red Hat OpenShift Container Platform 4.11
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.11
|
Container Platform 4.11 | |
|
Red Hat OpenShift Container Platform <4.11.55
Red Hat / OpenShift
|
Container Platform <4.11.55 | ||
|
Red Hat OpenShift Container Platform <4.13.25
Red Hat / OpenShift
|
Container Platform <4.13.25 | ||
|
Dell NetWorker vProxy<19.9.0.4
Dell / NetWorker
|
vProxy<19.9.0.4 | ||
|
Dell NetWorker vProxy<19.10
Dell / NetWorker
|
vProxy<19.10 | ||
|
Red Hat OpenShift Container Platform <4.13.31
Red Hat / OpenShift
|
Container Platform <4.13.31 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat OpenShift Container Platform 4.12
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.12
|
Container Platform 4.12 | |
|
Red Hat OpenShift Container Platform <4.14.0
Red Hat / OpenShift
|
Container Platform <4.14.0 | ||
|
Red Hat OpenShift Container Platform <4.14.8
Red Hat / OpenShift
|
Container Platform <4.14.8 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Developer Tools and Services 4.14
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:developer_tools_and_services_4.14
|
Developer Tools and Services 4.14 | |
|
Red Hat OpenShift Container Platform <4.13.27
Red Hat / OpenShift
|
Container Platform <4.13.27 | ||
|
Red Hat OpenShift Container Platform <4.11.56
Red Hat / OpenShift
|
Container Platform <4.11.56 | ||
|
Red Hat OpenShift Container Platform <4.12.54
Red Hat / OpenShift
|
Container Platform <4.12.54 | ||
|
Red Hat Enterprise Linux Container Native Virtualization 4.14
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:container_native_virtualization_4.14
|
Container Native Virtualization 4.14 | |
|
Red Hat OpenShift Pipelines 1.10
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:pipelines_1.10
|
Pipelines 1.10 | |
|
Red Hat OpenShift Container Platform <4.11.58
Red Hat / OpenShift
|
Container Platform <4.11.58 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.14.21
Red Hat / OpenShift
|
Container Platform <4.14.21 | ||
|
Red Hat Satellite <6.11.5.6
Red Hat / Satellite
|
<6.11.5.6 | ||
|
Red Hat OpenShift Container Platform <4.12.49
Red Hat / OpenShift
|
Container Platform <4.12.49 | ||
|
Red Hat OpenShift Container Platform <4.12.72
Red Hat / OpenShift
|
Container Platform <4.12.72 | ||
|
Red Hat Satellite <6.12.5.2
Red Hat / Satellite
|
<6.12.5.2 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.12.48
Red Hat / OpenShift
|
Container Platform <4.12.48 | ||
|
Red Hat OpenShift Container Platform <4.12.43
Red Hat / OpenShift
|
Container Platform <4.12.43 | ||
|
Red Hat OpenShift Container Platform <4.12.46
Red Hat / OpenShift
|
Container Platform <4.12.46 | ||
|
Red Hat OpenShift Container Platform <4.14.2
Red Hat / OpenShift
|
Container Platform <4.14.2 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.14.7
Red Hat / OpenShift
|
Container Platform <4.14.7 | ||
|
Red Hat OpenShift Container Platform 4.11
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.11
|
Container Platform 4.11 | |
|
Red Hat OpenShift Container Platform <4.11.55
Red Hat / OpenShift
|
Container Platform <4.11.55 | ||
|
Red Hat OpenShift Container Platform <4.13.25
Red Hat / OpenShift
|
Container Platform <4.13.25 | ||
|
Dell NetWorker vProxy<19.9.0.4
Dell / NetWorker
|
vProxy<19.9.0.4 | ||
|
Dell NetWorker vProxy<19.10
Dell / NetWorker
|
vProxy<19.10 | ||
|
Red Hat OpenShift Container Platform <4.13.31
Red Hat / OpenShift
|
Container Platform <4.13.31 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat OpenShift Container Platform 4.12
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.12
|
Container Platform 4.12 | |
|
Red Hat OpenShift Container Platform <4.14.0
Red Hat / OpenShift
|
Container Platform <4.14.0 | ||
|
Red Hat OpenShift Container Platform <4.14.8
Red Hat / OpenShift
|
Container Platform <4.14.8 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Developer Tools and Services 4.14
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:developer_tools_and_services_4.14
|
Developer Tools and Services 4.14 | |
|
Red Hat OpenShift Container Platform <4.13.27
Red Hat / OpenShift
|
Container Platform <4.13.27 | ||
|
Red Hat OpenShift Container Platform <4.11.56
Red Hat / OpenShift
|
Container Platform <4.11.56 | ||
|
Red Hat OpenShift Container Platform <4.12.54
Red Hat / OpenShift
|
Container Platform <4.12.54 | ||
|
Red Hat Enterprise Linux Container Native Virtualization 4.14
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:container_native_virtualization_4.14
|
Container Native Virtualization 4.14 | |
|
Red Hat OpenShift Pipelines 1.10
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:pipelines_1.10
|
Pipelines 1.10 | |
|
Red Hat OpenShift Container Platform <4.11.58
Red Hat / OpenShift
|
Container Platform <4.11.58 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.14.21
Red Hat / OpenShift
|
Container Platform <4.14.21 | ||
|
Red Hat Satellite <6.11.5.6
Red Hat / Satellite
|
<6.11.5.6 | ||
|
Red Hat OpenShift Container Platform <4.12.49
Red Hat / OpenShift
|
Container Platform <4.12.49 | ||
|
Red Hat OpenShift Container Platform <4.12.72
Red Hat / OpenShift
|
Container Platform <4.12.72 | ||
|
Red Hat Satellite <6.12.5.2
Red Hat / Satellite
|
<6.12.5.2 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.12.48
Red Hat / OpenShift
|
Container Platform <4.12.48 | ||
|
Red Hat OpenShift Container Platform <4.12.43
Red Hat / OpenShift
|
Container Platform <4.12.43 | ||
|
Red Hat OpenShift Container Platform <4.12.46
Red Hat / OpenShift
|
Container Platform <4.12.46 | ||
|
Red Hat OpenShift Container Platform <4.14.2
Red Hat / OpenShift
|
Container Platform <4.14.2 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.14.7
Red Hat / OpenShift
|
Container Platform <4.14.7 | ||
|
Red Hat OpenShift Container Platform 4.11
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.11
|
Container Platform 4.11 | |
|
Red Hat OpenShift Container Platform <4.11.55
Red Hat / OpenShift
|
Container Platform <4.11.55 | ||
|
Red Hat OpenShift Container Platform <4.13.25
Red Hat / OpenShift
|
Container Platform <4.13.25 | ||
|
Dell NetWorker vProxy<19.9.0.4
Dell / NetWorker
|
vProxy<19.9.0.4 | ||
|
Dell NetWorker vProxy<19.10
Dell / NetWorker
|
vProxy<19.10 | ||
|
Red Hat OpenShift Container Platform <4.13.31
Red Hat / OpenShift
|
Container Platform <4.13.31 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat OpenShift Container Platform 4.12
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.12
|
Container Platform 4.12 | |
|
Red Hat OpenShift Container Platform <4.14.0
Red Hat / OpenShift
|
Container Platform <4.14.0 | ||
|
Red Hat OpenShift Container Platform <4.14.8
Red Hat / OpenShift
|
Container Platform <4.14.8 |
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat Satellite dient als zentrale Stelle f\u00fcr das Management, die Verteilung von Updates in Netzwerken mit Red Hat Enterprise Linux Systemen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Red Hat Satellite ausnutzen, um beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2723 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2723.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2723 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2723"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5979 vom 2023-10-22",
"url": "https://access.redhat.com/errata/RHSA-2023:5979"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5980 vom 2023-10-22",
"url": "https://access.redhat.com/errata/RHSA-2023:5980"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:6130 vom 2023-10-31",
"url": "https://access.redhat.com/errata/RHSA-2023:6130"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:6129 vom 2023-10-30",
"url": "https://access.redhat.com/errata/RHSA-2023:6129"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:6171 vom 2023-10-30",
"url": "https://access.redhat.com/errata/RHSA-2023:6171"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:6165 vom 2023-10-30",
"url": "https://access.redhat.com/errata/RHSA-2023:6165"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:6172 vom 2023-10-30",
"url": "https://access.redhat.com/errata/RHSA-2023:6172"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASECS-2023-017 vom 2023-11-01",
"url": "https://alas.aws.amazon.com/AL2/ALASECS-2023-017.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:6233 vom 2023-11-01",
"url": "https://access.redhat.com/errata/RHSA-2023:6233"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:6240 vom 2023-11-02",
"url": "https://access.redhat.com/errata/RHSA-2023:6240"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASNITRO-ENCLAVES-2023-033 vom 2023-11-01",
"url": "https://alas.aws.amazon.com/AL2/ALASNITRO-ENCLAVES-2023-033.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:6126 vom 2023-11-01",
"url": "https://access.redhat.com/errata/RHSA-2023:6125"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:6235 vom 2023-11-01",
"url": "https://access.redhat.com/errata/RHSA-2023:6235"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASDOCKER-2023-034 vom 2023-11-01",
"url": "https://alas.aws.amazon.com/AL2/ALASDOCKER-2023-034.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASECS-2023-018 vom 2023-11-01",
"url": "https://alas.aws.amazon.com/AL2/ALASECS-2023-018.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2023-2326 vom 2023-11-02",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2023-2326.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2023-2325 vom 2023-11-02",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2023-2325.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2023-2324 vom 2023-11-02",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2023-2324.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:6779 vom 2023-11-08",
"url": "https://access.redhat.com/errata/RHSA-2023:6779"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-5029B92850 vom 2023-11-08",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-5029b92850"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-257F33C602 vom 2023-11-08",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-257f33c602"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:6275 vom 2023-11-08",
"url": "https://access.redhat.com/errata/RHSA-2023:6275"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:6257 vom 2023-11-08",
"url": "https://access.redhat.com/errata/RHSA-2023:6257"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:6271 vom 2023-11-08",
"url": "https://access.redhat.com/errata/RHSA-2023:6271"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:6272 vom 2023-11-08",
"url": "https://access.redhat.com/errata/RHSA-2023:6272"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:6256 vom 2023-11-08",
"url": "https://access.redhat.com/errata/RHSA-2023:6256"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:6276 vom 2023-11-08",
"url": "https://access.redhat.com/errata/RHSA-2023:6276"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:6817 vom 2023-11-09",
"url": "https://access.redhat.com/errata/RHSA-2023:6817"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:6828 vom 2023-11-09",
"url": "https://access.redhat.com/errata/RHSA-2023:6828"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-D58C8EEB7C vom 2023-11-09",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-d58c8eeb7c"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2023-E8C3B64CE1 vom 2023-11-09",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-e8c3b64ce1"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-0D46257314 vom 2023-11-09",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-0d46257314"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-FA2D7B25D9 vom 2023-11-09",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-fa2d7b25d9"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-5852A1CC3F vom 2023-11-15",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-5852a1cc3f"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2023-2339 vom 2023-11-16",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2023-2339.html"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-2E09477FBC vom 2023-11-16",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-2e09477fbc"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:6841 vom 2023-11-17",
"url": "https://access.redhat.com/errata/RHSA-2023:6841"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7288 vom 2023-11-16",
"url": "https://access.redhat.com/errata/RHSA-2023:7288"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:6842 vom 2023-11-17",
"url": "https://access.redhat.com/errata/RHSA-2023:6842"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:6839 vom 2023-11-16",
"url": "https://access.redhat.com/errata/RHSA-2023:6839"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7342 vom 2023-11-17",
"url": "https://access.redhat.com/errata/RHSA-2023:7342"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-66966AE3D0 vom 2023-11-20",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-66966ae3d0"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-5F984129B2 vom 2023-11-20",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-5f984129b2"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-3A895FF65C vom 2023-11-20",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-3a895ff65c"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-C858D2C53B vom 2023-11-22",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-c858d2c53b"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7555 vom 2023-11-29",
"url": "https://access.redhat.com/errata/RHSA-2023:7555"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7521 vom 2023-11-28",
"url": "https://access.redhat.com/errata/RHSA-2023:7521"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-E3E4E3F51A vom 2023-11-28",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-e3e4e3f51a"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-6F4C5B6331 vom 2023-11-28",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-6f4c5b6331"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-14A33318B8 vom 2023-12-03",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-14a33318b8"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2023-1888 vom 2023-12-04",
"url": "https://alas.aws.amazon.com/ALAS-2023-1888.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7604 vom 2023-12-06",
"url": "https://access.redhat.com/errata/RHSA-2023:7604"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7602 vom 2023-12-06",
"url": "https://access.redhat.com/errata/RHSA-2023:7602"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7662 vom 2023-12-06",
"url": "https://access.redhat.com/errata/RHSA-2023:7662"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7699 vom 2023-12-07",
"url": "https://access.redhat.com/errata/RHSA-2023:7699"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7703 vom 2023-12-07",
"url": "https://access.redhat.com/errata/RHSA-2023:7703"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7704 vom 2023-12-07",
"url": "https://access.redhat.com/errata/RHSA-2023:7704"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-72AB10F1DE vom 2023-12-09",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-72ab10f1de"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7690 vom 2023-12-14",
"url": "https://access.redhat.com/errata/RHSA-2023:7690"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7691 vom 2023-12-14",
"url": "https://access.redhat.com/errata/RHSA-2023:7691"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5006 vom 2023-12-30",
"url": "https://access.redhat.com/errata/RHSA-2023:5006"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7831 vom 2024-01-04",
"url": "https://access.redhat.com/errata/RHSA-2023:7831"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7827 vom 2024-01-04",
"url": "https://access.redhat.com/errata/RHSA-2023:7827"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7823 vom 2024-01-05",
"url": "https://access.redhat.com/errata/RHSA-2023:7823"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0050 vom 2024-01-10",
"url": "https://access.redhat.com/errata/RHSA-2024:0050"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0059 vom 2024-01-10",
"url": "https://access.redhat.com/errata/RHSA-2024:0059"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0198 vom 2024-01-20",
"url": "https://access.redhat.com/errata/RHSA-2024:0198"
},
{
"category": "external",
"summary": "DELL Security Update",
"url": "https://www.dell.com/support/kbdoc/de-de/000221476/dsa-2024-058-security-update-for-dell-networker-vproxy-multiple-components-vulnerabilities"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0485 vom 2024-01-31",
"url": "https://access.redhat.com/errata/RHSA-2024:0485"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0484 vom 2024-02-01",
"url": "https://access.redhat.com/errata/RHSA-2024:0484"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASNITRO-ENCLAVES-2024-037 vom 2024-02-06",
"url": "https://alas.aws.amazon.com/AL2/ALASNITRO-ENCLAVES-2024-037.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASDOCKER-2024-037 vom 2024-02-06",
"url": "https://alas.aws.amazon.com/AL2/ALASDOCKER-2024-037.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0642 vom 2024-02-07",
"url": "https://access.redhat.com/errata/RHSA-2024:0642"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0660 vom 2024-02-07",
"url": "https://access.redhat.com/errata/RHSA-2024:0660"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0682 vom 2024-02-08",
"url": "https://access.redhat.com/errata/RHSA-2024:0682"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0664 vom 2024-02-08",
"url": "https://access.redhat.com/errata/RHSA-2024:0664"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0777 vom 2024-02-12",
"url": "https://access.redhat.com/errata/RHSA-2024:0777"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0741 vom 2024-02-14",
"url": "https://access.redhat.com/errata/RHSA-2024:0741"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASDOCKER-2024-038 vom 2024-02-20",
"url": "https://alas.aws.amazon.com/AL2/ALASDOCKER-2024-038.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0837 vom 2024-02-20",
"url": "https://access.redhat.com/errata/RHSA-2024:0837"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASNITRO-ENCLAVES-2024-038 vom 2024-02-20",
"url": "https://alas.aws.amazon.com/AL2/ALASNITRO-ENCLAVES-2024-038.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0833 vom 2024-02-21",
"url": "https://access.redhat.com/errata/RHSA-2024:0833"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0269 vom 2024-02-28",
"url": "https://access.redhat.com/errata/RHSA-2024:0269"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0946 vom 2024-02-28",
"url": "https://access.redhat.com/errata/RHSA-2024:0946"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1052 vom 2024-03-06",
"url": "https://access.redhat.com/errata/RHSA-2024:1052"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASECS-2024-035 vom 2024-03-06",
"url": "https://alas.aws.amazon.com/AL2/ALASECS-2024-035.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-12225 vom 2024-03-19",
"url": "https://linux.oracle.com/errata/ELSA-2024-12225.html"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-EC60F79B80 vom 2024-03-23",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-ec60f79b80"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1572 vom 2024-04-03",
"url": "https://access.redhat.com/errata/RHSA-2024:1572"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-8580C06716 vom 2024-04-18",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-8580c06716"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1765 vom 2024-04-18",
"url": "https://access.redhat.com/errata/RHSA-2024:1765"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-D652859EFB vom 2024-04-19",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-d652859efb"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-9CC0E0C63E vom 2024-04-19",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-9cc0e0c63e"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-80E062D21A vom 2024-04-19",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-80e062d21a"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3927 vom 2024-06-14",
"url": "https://access.redhat.com/errata/RHSA-2024:3927"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4118 vom 2024-06-26",
"url": "https://access.redhat.com/errata/RHSA-2024:4118"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:0832 vom 2025-02-06",
"url": "https://access.redhat.com/errata/RHSA-2025:0832"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:4240 vom 2025-04-28",
"url": "https://access.redhat.com/errata/RHSA-2025:4240"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2025-72356603ED vom 2025-07-27",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-72356603ed"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4406 vom 2025-12-14",
"url": "https://lists.debian.org/debian-lts-announce/2025/12/msg00017.html"
}
],
"source_lang": "en-US",
"title": "Red Hat Satellite: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-12-14T23:00:00.000+00:00",
"generator": {
"date": "2025-12-15T10:50:05.268+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2023-2723",
"initial_release_date": "2023-10-22T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-10-22T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-10-30T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-11-01T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Amazon und Red Hat aufgenommen"
},
{
"date": "2023-11-02T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2023-11-07T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-11-08T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-11-09T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2023-11-15T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Fedora und Amazon aufgenommen"
},
{
"date": "2023-11-16T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-11-19T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2023-11-21T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2023-11-28T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Red Hat und Fedora aufgenommen"
},
{
"date": "2023-12-03T23:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2023-12-04T23:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2023-12-05T23:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-12-07T23:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-12-10T23:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2023-12-13T23:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-01-01T23:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-01-03T23:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-01-04T23:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-01-09T23:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-01-21T23:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-01-28T23:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2024-01-31T23:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-02-01T23:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-02-05T23:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-02-07T23:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-02-08T23:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-02-11T23:00:00.000+00:00",
"number": "30",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-02-13T23:00:00.000+00:00",
"number": "31",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-02-20T23:00:00.000+00:00",
"number": "32",
"summary": "Neue Updates von Amazon und Red Hat aufgenommen"
},
{
"date": "2024-02-27T23:00:00.000+00:00",
"number": "33",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-02-28T23:00:00.000+00:00",
"number": "34",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-03-05T23:00:00.000+00:00",
"number": "35",
"summary": "Neue Updates von Red Hat und Amazon aufgenommen"
},
{
"date": "2024-03-19T23:00:00.000+00:00",
"number": "36",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-03-24T23:00:00.000+00:00",
"number": "37",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2024-04-02T22:00:00.000+00:00",
"number": "38",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-04-17T22:00:00.000+00:00",
"number": "39",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2024-04-18T22:00:00.000+00:00",
"number": "40",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-04-21T22:00:00.000+00:00",
"number": "41",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2024-06-13T22:00:00.000+00:00",
"number": "42",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-06-25T22:00:00.000+00:00",
"number": "43",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-02-05T23:00:00.000+00:00",
"number": "44",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-04-27T22:00:00.000+00:00",
"number": "45",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-07-27T22:00:00.000+00:00",
"number": "46",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2025-12-14T23:00:00.000+00:00",
"number": "47",
"summary": "Neue Updates von Debian aufgenommen"
}
],
"status": "final",
"version": "47"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vProxy\u003c19.9.0.4",
"product": {
"name": "Dell NetWorker vProxy\u003c19.9.0.4",
"product_id": "T032377"
}
},
{
"category": "product_version",
"name": "vProxy19.9.0.4",
"product": {
"name": "Dell NetWorker vProxy19.9.0.4",
"product_id": "T032377-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:vproxy_19.9.0.4"
}
}
},
{
"category": "product_version_range",
"name": "vProxy\u003c19.10",
"product": {
"name": "Dell NetWorker vProxy\u003c19.10",
"product_id": "T032378"
}
},
{
"category": "product_version",
"name": "vProxy19.10",
"product": {
"name": "Dell NetWorker vProxy19.10",
"product_id": "T032378-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:vproxy_19.10"
}
}
}
],
"category": "product_name",
"name": "NetWorker"
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version",
"name": "Container Native Virtualization 4.14",
"product": {
"name": "Red Hat Enterprise Linux Container Native Virtualization 4.14",
"product_id": "T031511",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:container_native_virtualization_4.14"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "Container Platform 4.11",
"product": {
"name": "Red Hat OpenShift Container Platform 4.11",
"product_id": "T025990",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform_4.11"
}
}
},
{
"category": "product_version",
"name": "Container Platform 4.12",
"product": {
"name": "Red Hat OpenShift Container Platform 4.12",
"product_id": "T026435",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform_4.12"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.14.2",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.14.2",
"product_id": "T031231"
}
},
{
"category": "product_version",
"name": "Container Platform 4.14.2",
"product": {
"name": "Red Hat OpenShift Container Platform 4.14.2",
"product_id": "T031231-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.14.2"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.12.43",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.12.43",
"product_id": "T031232"
}
},
{
"category": "product_version",
"name": "Container Platform 4.12.43",
"product": {
"name": "Red Hat OpenShift Container Platform 4.12.43",
"product_id": "T031232-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.12.43"
}
}
},
{
"category": "product_version",
"name": "Developer Tools and Services 4.14",
"product": {
"name": "Red Hat OpenShift Developer Tools and Services 4.14",
"product_id": "T031233",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:developer_tools_and_services_4.14"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.13.25",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.13.25",
"product_id": "T031467"
}
},
{
"category": "product_version",
"name": "Container Platform 4.13.25",
"product": {
"name": "Red Hat OpenShift Container Platform 4.13.25",
"product_id": "T031467-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.13.25"
}
}
},
{
"category": "product_version",
"name": "Pipelines 1.10",
"product": {
"name": "Red Hat OpenShift Pipelines 1.10",
"product_id": "T031510",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:pipelines_1.10"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.11.55",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.11.55",
"product_id": "T031684"
}
},
{
"category": "product_version",
"name": "Container Platform 4.11.55",
"product": {
"name": "Red Hat OpenShift Container Platform 4.11.55",
"product_id": "T031684-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.11.55"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.14.0",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.14.0",
"product_id": "T031839"
}
},
{
"category": "product_version",
"name": "Container Platform 4.14.0",
"product": {
"name": "Red Hat OpenShift Container Platform 4.14.0",
"product_id": "T031839-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.14.0"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.14.7",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.14.7",
"product_id": "T031849"
}
},
{
"category": "product_version",
"name": "Container Platform 4.14.7",
"product": {
"name": "Red Hat OpenShift Container Platform 4.14.7",
"product_id": "T031849-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.14.7"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.12.46",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.12.46",
"product_id": "T031870"
}
},
{
"category": "product_version",
"name": "Container Platform 4.12.46",
"product": {
"name": "Red Hat OpenShift Container Platform 4.12.46",
"product_id": "T031870-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.12.46"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.13.27",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.13.27",
"product_id": "T031871"
}
},
{
"category": "product_version",
"name": "Container Platform 4.13.27",
"product": {
"name": "Red Hat OpenShift Container Platform 4.13.27",
"product_id": "T031871-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.13.27"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.14.8",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.14.8",
"product_id": "T031938"
}
},
{
"category": "product_version",
"name": "Container Platform 4.14.8",
"product": {
"name": "Red Hat OpenShift Container Platform 4.14.8",
"product_id": "T031938-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.14.8"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.11.56",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.11.56",
"product_id": "T031970"
}
},
{
"category": "product_version",
"name": "Container Platform 4.11.56",
"product": {
"name": "Red Hat OpenShift Container Platform 4.11.56",
"product_id": "T031970-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.11.56"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.12.48",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.12.48",
"product_id": "T032442"
}
},
{
"category": "product_version",
"name": "Container Platform 4.12.48",
"product": {
"name": "Red Hat OpenShift Container Platform 4.12.48",
"product_id": "T032442-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.12.48"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.13.31",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.13.31",
"product_id": "T032470"
}
},
{
"category": "product_version",
"name": "Container Platform 4.13.31",
"product": {
"name": "Red Hat OpenShift Container Platform 4.13.31",
"product_id": "T032470-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.13.31"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.12.49",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.12.49",
"product_id": "T032602"
}
},
{
"category": "product_version",
"name": "Container Platform 4.12.49",
"product": {
"name": "Red Hat OpenShift Container Platform 4.12.49",
"product_id": "T032602-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.12.49"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.11.58",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.11.58",
"product_id": "T032603"
}
},
{
"category": "product_version",
"name": "Container Platform 4.11.58",
"product": {
"name": "Red Hat OpenShift Container Platform 4.11.58",
"product_id": "T032603-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.11.58"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.12.54",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.12.54",
"product_id": "T033854"
}
},
{
"category": "product_version",
"name": "Container Platform 4.12.54",
"product": {
"name": "Red Hat OpenShift Container Platform 4.12.54",
"product_id": "T033854-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.12.54"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.14.21",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.14.21",
"product_id": "T034307"
}
},
{
"category": "product_version",
"name": "Container Platform 4.14.21",
"product": {
"name": "Red Hat OpenShift Container Platform 4.14.21",
"product_id": "T034307-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.14.21"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.12.72",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.12.72",
"product_id": "T040822"
}
},
{
"category": "product_version",
"name": "Container Platform 4.12.72",
"product": {
"name": "Red Hat OpenShift Container Platform 4.12.72",
"product_id": "T040822-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.12.72"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.12.5.2",
"product": {
"name": "Red Hat Satellite \u003c6.12.5.2",
"product_id": "T030700"
}
},
{
"category": "product_version",
"name": "6.12.5.2",
"product": {
"name": "Red Hat Satellite 6.12.5.2",
"product_id": "T030700-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite:6.12.5.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c6.11.5.6",
"product": {
"name": "Red Hat Satellite \u003c6.11.5.6",
"product_id": "T030701"
}
},
{
"category": "product_version",
"name": "6.11.5.6",
"product": {
"name": "Red Hat Satellite 6.11.5.6",
"product_id": "T030701-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite:6.11.5.6"
}
}
}
],
"category": "product_name",
"name": "Satellite"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-1292",
"product_status": {
"known_affected": [
"T031233",
"T031871",
"T031970",
"T033854",
"T031511",
"T031510",
"T032603",
"67646",
"T034307",
"T030701",
"T032602",
"T040822",
"T030700",
"T004914",
"T032442",
"T031232",
"T031870",
"T031231",
"398363",
"T031849",
"T025990",
"T031684",
"T031467",
"T032377",
"T032378",
"T032470",
"74185",
"2951",
"T026435",
"T031839",
"T031938"
]
},
"release_date": "2023-10-22T22:00:00.000+00:00",
"title": "CVE-2022-1292"
},
{
"cve": "CVE-2022-2068",
"product_status": {
"known_affected": [
"T031233",
"T031871",
"T031970",
"T033854",
"T031511",
"T031510",
"T032603",
"67646",
"T034307",
"T030701",
"T032602",
"T040822",
"T030700",
"T004914",
"T032442",
"T031232",
"T031870",
"T031231",
"398363",
"T031849",
"T025990",
"T031684",
"T031467",
"T032377",
"T032378",
"T032470",
"74185",
"2951",
"T026435",
"T031839",
"T031938"
]
},
"release_date": "2023-10-22T22:00:00.000+00:00",
"title": "CVE-2022-2068"
},
{
"cve": "CVE-2022-3874",
"product_status": {
"known_affected": [
"T031233",
"T031871",
"T031970",
"T033854",
"T031511",
"T031510",
"T032603",
"67646",
"T034307",
"T030701",
"T032602",
"T040822",
"T030700",
"T004914",
"T032442",
"T031232",
"T031870",
"T031231",
"398363",
"T031849",
"T025990",
"T031684",
"T031467",
"T032377",
"T032378",
"T032470",
"74185",
"2951",
"T026435",
"T031839",
"T031938"
]
},
"release_date": "2023-10-22T22:00:00.000+00:00",
"title": "CVE-2022-3874"
},
{
"cve": "CVE-2022-46648",
"product_status": {
"known_affected": [
"T031233",
"T031871",
"T031970",
"T033854",
"T031511",
"T031510",
"T032603",
"67646",
"T034307",
"T030701",
"T032602",
"T040822",
"T030700",
"T004914",
"T032442",
"T031232",
"T031870",
"T031231",
"398363",
"T031849",
"T025990",
"T031684",
"T031467",
"T032377",
"T032378",
"T032470",
"74185",
"2951",
"T026435",
"T031839",
"T031938"
]
},
"release_date": "2023-10-22T22:00:00.000+00:00",
"title": "CVE-2022-46648"
},
{
"cve": "CVE-2022-47318",
"product_status": {
"known_affected": [
"T031233",
"T031871",
"T031970",
"T033854",
"T031511",
"T031510",
"T032603",
"67646",
"T034307",
"T030701",
"T032602",
"T040822",
"T030700",
"T004914",
"T032442",
"T031232",
"T031870",
"T031231",
"398363",
"T031849",
"T025990",
"T031684",
"T031467",
"T032377",
"T032378",
"T032470",
"74185",
"2951",
"T026435",
"T031839",
"T031938"
]
},
"release_date": "2023-10-22T22:00:00.000+00:00",
"title": "CVE-2022-47318"
},
{
"cve": "CVE-2023-0118",
"product_status": {
"known_affected": [
"T031233",
"T031871",
"T031970",
"T033854",
"T031511",
"T031510",
"T032603",
"67646",
"T034307",
"T030701",
"T032602",
"T040822",
"T030700",
"T004914",
"T032442",
"T031232",
"T031870",
"T031231",
"398363",
"T031849",
"T025990",
"T031684",
"T031467",
"T032377",
"T032378",
"T032470",
"74185",
"2951",
"T026435",
"T031839",
"T031938"
]
},
"release_date": "2023-10-22T22:00:00.000+00:00",
"title": "CVE-2023-0118"
},
{
"cve": "CVE-2023-0462",
"product_status": {
"known_affected": [
"T031233",
"T031871",
"T031970",
"T033854",
"T031511",
"T031510",
"T032603",
"67646",
"T034307",
"T030701",
"T032602",
"T040822",
"T030700",
"T004914",
"T032442",
"T031232",
"T031870",
"T031231",
"398363",
"T031849",
"T025990",
"T031684",
"T031467",
"T032377",
"T032378",
"T032470",
"74185",
"2951",
"T026435",
"T031839",
"T031938"
]
},
"release_date": "2023-10-22T22:00:00.000+00:00",
"title": "CVE-2023-0462"
},
{
"cve": "CVE-2023-39325",
"product_status": {
"known_affected": [
"T031233",
"T031871",
"T031970",
"T033854",
"T031511",
"T031510",
"T032603",
"67646",
"T034307",
"T030701",
"T032602",
"T040822",
"T030700",
"T004914",
"T032442",
"T031232",
"T031870",
"T031231",
"398363",
"T031849",
"T025990",
"T031684",
"T031467",
"T032377",
"T032378",
"T032470",
"74185",
"2951",
"T026435",
"T031839",
"T031938"
]
},
"release_date": "2023-10-22T22:00:00.000+00:00",
"title": "CVE-2023-39325"
},
{
"cve": "CVE-2023-44487",
"product_status": {
"known_affected": [
"T031233",
"T031871",
"T031970",
"T033854",
"T031511",
"T031510",
"T032603",
"67646",
"T034307",
"T030701",
"T032602",
"T040822",
"T030700",
"T004914",
"T032442",
"T031232",
"T031870",
"T031231",
"398363",
"T031849",
"T025990",
"T031684",
"T031467",
"T032377",
"T032378",
"T032470",
"74185",
"2951",
"T026435",
"T031839",
"T031938"
]
},
"release_date": "2023-10-22T22:00:00.000+00:00",
"title": "CVE-2023-44487"
}
]
}
WID-SEC-W-2023-2788
Vulnerability from csaf_certbund - Published: 2023-10-31 23:00 - Updated: 2026-01-29 23:00| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source GitLab <16.4.2
Open Source / GitLab
|
<16.4.2 | ||
|
Open Source GitLab <16.5.1
Open Source / GitLab
|
<16.5.1 | ||
|
Open Source GitLab <16.3.6
Open Source / GitLab
|
<16.3.6 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source GitLab <16.4.2
Open Source / GitLab
|
<16.4.2 | ||
|
Open Source GitLab <16.5.1
Open Source / GitLab
|
<16.5.1 | ||
|
Open Source GitLab <16.3.6
Open Source / GitLab
|
<16.3.6 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source GitLab <16.4.2
Open Source / GitLab
|
<16.4.2 | ||
|
Open Source GitLab <16.5.1
Open Source / GitLab
|
<16.5.1 | ||
|
Open Source GitLab <16.3.6
Open Source / GitLab
|
<16.3.6 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source GitLab <16.4.2
Open Source / GitLab
|
<16.4.2 | ||
|
Open Source GitLab <16.5.1
Open Source / GitLab
|
<16.5.1 | ||
|
Open Source GitLab <16.3.6
Open Source / GitLab
|
<16.3.6 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source GitLab <16.4.2
Open Source / GitLab
|
<16.4.2 | ||
|
Open Source GitLab <16.5.1
Open Source / GitLab
|
<16.5.1 | ||
|
Open Source GitLab <16.3.6
Open Source / GitLab
|
<16.3.6 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source GitLab <16.4.2
Open Source / GitLab
|
<16.4.2 | ||
|
Open Source GitLab <16.5.1
Open Source / GitLab
|
<16.5.1 | ||
|
Open Source GitLab <16.3.6
Open Source / GitLab
|
<16.3.6 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source GitLab <16.4.2
Open Source / GitLab
|
<16.4.2 | ||
|
Open Source GitLab <16.5.1
Open Source / GitLab
|
<16.5.1 | ||
|
Open Source GitLab <16.3.6
Open Source / GitLab
|
<16.3.6 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source GitLab <16.4.2
Open Source / GitLab
|
<16.4.2 | ||
|
Open Source GitLab <16.5.1
Open Source / GitLab
|
<16.5.1 | ||
|
Open Source GitLab <16.3.6
Open Source / GitLab
|
<16.3.6 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source GitLab <16.4.2
Open Source / GitLab
|
<16.4.2 | ||
|
Open Source GitLab <16.5.1
Open Source / GitLab
|
<16.5.1 | ||
|
Open Source GitLab <16.3.6
Open Source / GitLab
|
<16.3.6 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source GitLab <16.4.2
Open Source / GitLab
|
<16.4.2 | ||
|
Open Source GitLab <16.5.1
Open Source / GitLab
|
<16.5.1 | ||
|
Open Source GitLab <16.3.6
Open Source / GitLab
|
<16.3.6 |
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "GitLab ist eine Webanwendung zur Versionsverwaltung f\u00fcr Softwareprojekte auf Basis von git.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in GitLab ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren und Informationen offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2788 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2788.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2788 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2788"
},
{
"category": "external",
"summary": "GitLab Security Release vom 2023-10-31",
"url": "https://about.gitlab.com/releases/2023/10/31/security-release-gitlab-16-5-1-16-4-2-16-3-6-released/"
}
],
"source_lang": "en-US",
"title": "GitLab: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-01-29T23:00:00.000+00:00",
"generator": {
"date": "2026-01-30T06:51:18.537+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2023-2788",
"initial_release_date": "2023-10-31T23:00:00.000+00:00",
"revision_history": [
{
"date": "2023-10-31T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-11-06T23:00:00.000+00:00",
"number": "2",
"summary": "CVE erg\u00e4nzt"
},
{
"date": "2026-01-25T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2026-01-29T23:00:00.000+00:00",
"number": "4",
"summary": "falsch eingef\u00fcgtes Dell Update entfernt"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c16.5.1",
"product": {
"name": "Open Source GitLab \u003c16.5.1",
"product_id": "T030872"
}
},
{
"category": "product_version",
"name": "16.5.1",
"product": {
"name": "Open Source GitLab 16.5.1",
"product_id": "T030872-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:gitlab:gitlab:16.5.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c16.4.2",
"product": {
"name": "Open Source GitLab \u003c16.4.2",
"product_id": "T030873"
}
},
{
"category": "product_version",
"name": "16.4.2",
"product": {
"name": "Open Source GitLab 16.4.2",
"product_id": "T030873-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:gitlab:gitlab:16.4.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c16.3.6",
"product": {
"name": "Open Source GitLab \u003c16.3.6",
"product_id": "T030874"
}
},
{
"category": "product_version",
"name": "16.3.6",
"product": {
"name": "Open Source GitLab 16.3.6",
"product_id": "T030874-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:gitlab:gitlab:16.3.6"
}
}
}
],
"category": "product_name",
"name": "GitLab"
}
],
"category": "vendor",
"name": "Open Source"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-3246",
"product_status": {
"known_affected": [
"T030873",
"T030872",
"T030874"
]
},
"release_date": "2023-10-31T23:00:00.000+00:00",
"title": "CVE-2023-3246"
},
{
"cve": "CVE-2023-3399",
"product_status": {
"known_affected": [
"T030873",
"T030872",
"T030874"
]
},
"release_date": "2023-10-31T23:00:00.000+00:00",
"title": "CVE-2023-3399"
},
{
"cve": "CVE-2023-38545",
"product_status": {
"known_affected": [
"T030873",
"T030872",
"T030874"
]
},
"release_date": "2023-10-31T23:00:00.000+00:00",
"title": "CVE-2023-38545"
},
{
"cve": "CVE-2023-3909",
"product_status": {
"known_affected": [
"T030873",
"T030872",
"T030874"
]
},
"release_date": "2023-10-31T23:00:00.000+00:00",
"title": "CVE-2023-3909"
},
{
"cve": "CVE-2023-44487",
"product_status": {
"known_affected": [
"T030873",
"T030872",
"T030874"
]
},
"release_date": "2023-10-31T23:00:00.000+00:00",
"title": "CVE-2023-44487"
},
{
"cve": "CVE-2023-4700",
"product_status": {
"known_affected": [
"T030873",
"T030872",
"T030874"
]
},
"release_date": "2023-10-31T23:00:00.000+00:00",
"title": "CVE-2023-4700"
},
{
"cve": "CVE-2023-5600",
"product_status": {
"known_affected": [
"T030873",
"T030872",
"T030874"
]
},
"release_date": "2023-10-31T23:00:00.000+00:00",
"title": "CVE-2023-5600"
},
{
"cve": "CVE-2023-5825",
"product_status": {
"known_affected": [
"T030873",
"T030872",
"T030874"
]
},
"release_date": "2023-10-31T23:00:00.000+00:00",
"title": "CVE-2023-5825"
},
{
"cve": "CVE-2023-5831",
"product_status": {
"known_affected": [
"T030873",
"T030872",
"T030874"
]
},
"release_date": "2023-10-31T23:00:00.000+00:00",
"title": "CVE-2023-5831"
},
{
"cve": "CVE-2023-5963",
"product_status": {
"known_affected": [
"T030873",
"T030872",
"T030874"
]
},
"release_date": "2023-10-31T23:00:00.000+00:00",
"title": "CVE-2023-5963"
}
]
}
WID-SEC-W-2023-2993
Vulnerability from csaf_certbund - Published: 2023-11-21 23:00 - Updated: 2023-12-12 23:00Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuführen. Für eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Confluence < 8.4.5
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.4.5
|
— | |
|
Atlassian Confluence < 8.6.2
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.6.2
|
— | |
|
Atlassian Confluence < 8.5.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.5.4
|
— | |
|
Atlassian Bitbucket < 8.9.7
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.9.7
|
— | |
|
Atlassian Confluence < 8.7.1
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.7.1
|
— | |
|
Atlassian Bamboo < 9.2.7
Atlassian / Bamboo
|
cpe:/a:atlassian:bamboo:9.2.7
|
— | |
|
Atlassian Confluence < 8.3.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.3.4
|
— | |
|
Atlassian Bitbucket < 8.12.4
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.12.4
|
— | |
|
Atlassian Bitbucket < 8.11.6
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.11.6
|
— | |
|
Atlassian Jira Software Service Management < 4.20.28
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__4.20.28
|
— | |
|
Atlassian Bitbucket < 8.14.2
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.14.2
|
— | |
|
Atlassian Jira Software < 9.4.13
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:9.4.13
|
— | |
|
Atlassian Bitbucket < 8.13.3
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.13.3
|
— | |
|
Atlassian Confluence < 7.19.17
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:7.19.17
|
— | |
|
Atlassian Jira Software Service Management < 5.4.12
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__5.4.12
|
— |
Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuführen. Für eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Confluence < 8.4.5
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.4.5
|
— | |
|
Atlassian Confluence < 8.6.2
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.6.2
|
— | |
|
Atlassian Confluence < 8.5.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.5.4
|
— | |
|
Atlassian Bitbucket < 8.9.7
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.9.7
|
— | |
|
Atlassian Confluence < 8.7.1
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.7.1
|
— | |
|
Atlassian Bamboo < 9.2.7
Atlassian / Bamboo
|
cpe:/a:atlassian:bamboo:9.2.7
|
— | |
|
Atlassian Confluence < 8.3.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.3.4
|
— | |
|
Atlassian Bitbucket < 8.12.4
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.12.4
|
— | |
|
Atlassian Bitbucket < 8.11.6
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.11.6
|
— | |
|
Atlassian Jira Software Service Management < 4.20.28
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__4.20.28
|
— | |
|
Atlassian Bitbucket < 8.14.2
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.14.2
|
— | |
|
Atlassian Jira Software < 9.4.13
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:9.4.13
|
— | |
|
Atlassian Bitbucket < 8.13.3
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.13.3
|
— | |
|
Atlassian Confluence < 7.19.17
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:7.19.17
|
— | |
|
Atlassian Jira Software Service Management < 5.4.12
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__5.4.12
|
— |
Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuführen. Für eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Confluence < 8.4.5
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.4.5
|
— | |
|
Atlassian Confluence < 8.6.2
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.6.2
|
— | |
|
Atlassian Confluence < 8.5.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.5.4
|
— | |
|
Atlassian Bitbucket < 8.9.7
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.9.7
|
— | |
|
Atlassian Confluence < 8.7.1
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.7.1
|
— | |
|
Atlassian Bamboo < 9.2.7
Atlassian / Bamboo
|
cpe:/a:atlassian:bamboo:9.2.7
|
— | |
|
Atlassian Confluence < 8.3.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.3.4
|
— | |
|
Atlassian Bitbucket < 8.12.4
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.12.4
|
— | |
|
Atlassian Bitbucket < 8.11.6
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.11.6
|
— | |
|
Atlassian Jira Software Service Management < 4.20.28
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__4.20.28
|
— | |
|
Atlassian Bitbucket < 8.14.2
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.14.2
|
— | |
|
Atlassian Jira Software < 9.4.13
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:9.4.13
|
— | |
|
Atlassian Bitbucket < 8.13.3
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.13.3
|
— | |
|
Atlassian Confluence < 7.19.17
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:7.19.17
|
— | |
|
Atlassian Jira Software Service Management < 5.4.12
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__5.4.12
|
— |
Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuführen. Für eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Confluence < 8.4.5
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.4.5
|
— | |
|
Atlassian Confluence < 8.6.2
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.6.2
|
— | |
|
Atlassian Confluence < 8.5.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.5.4
|
— | |
|
Atlassian Bitbucket < 8.9.7
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.9.7
|
— | |
|
Atlassian Confluence < 8.7.1
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.7.1
|
— | |
|
Atlassian Bamboo < 9.2.7
Atlassian / Bamboo
|
cpe:/a:atlassian:bamboo:9.2.7
|
— | |
|
Atlassian Confluence < 8.3.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.3.4
|
— | |
|
Atlassian Bitbucket < 8.12.4
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.12.4
|
— | |
|
Atlassian Bitbucket < 8.11.6
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.11.6
|
— | |
|
Atlassian Jira Software Service Management < 4.20.28
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__4.20.28
|
— | |
|
Atlassian Bitbucket < 8.14.2
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.14.2
|
— | |
|
Atlassian Jira Software < 9.4.13
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:9.4.13
|
— | |
|
Atlassian Bitbucket < 8.13.3
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.13.3
|
— | |
|
Atlassian Confluence < 7.19.17
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:7.19.17
|
— | |
|
Atlassian Jira Software Service Management < 5.4.12
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__5.4.12
|
— |
Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuführen. Für eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Confluence < 8.4.5
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.4.5
|
— | |
|
Atlassian Confluence < 8.6.2
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.6.2
|
— | |
|
Atlassian Confluence < 8.5.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.5.4
|
— | |
|
Atlassian Bitbucket < 8.9.7
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.9.7
|
— | |
|
Atlassian Confluence < 8.7.1
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.7.1
|
— | |
|
Atlassian Bamboo < 9.2.7
Atlassian / Bamboo
|
cpe:/a:atlassian:bamboo:9.2.7
|
— | |
|
Atlassian Confluence < 8.3.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.3.4
|
— | |
|
Atlassian Bitbucket < 8.12.4
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.12.4
|
— | |
|
Atlassian Bitbucket < 8.11.6
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.11.6
|
— | |
|
Atlassian Jira Software Service Management < 4.20.28
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__4.20.28
|
— | |
|
Atlassian Bitbucket < 8.14.2
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.14.2
|
— | |
|
Atlassian Jira Software < 9.4.13
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:9.4.13
|
— | |
|
Atlassian Bitbucket < 8.13.3
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.13.3
|
— | |
|
Atlassian Confluence < 7.19.17
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:7.19.17
|
— | |
|
Atlassian Jira Software Service Management < 5.4.12
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__5.4.12
|
— |
Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuführen. Für eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Confluence < 8.4.5
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.4.5
|
— | |
|
Atlassian Confluence < 8.6.2
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.6.2
|
— | |
|
Atlassian Confluence < 8.5.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.5.4
|
— | |
|
Atlassian Bitbucket < 8.9.7
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.9.7
|
— | |
|
Atlassian Confluence < 8.7.1
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.7.1
|
— | |
|
Atlassian Bamboo < 9.2.7
Atlassian / Bamboo
|
cpe:/a:atlassian:bamboo:9.2.7
|
— | |
|
Atlassian Confluence < 8.3.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.3.4
|
— | |
|
Atlassian Bitbucket < 8.12.4
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.12.4
|
— | |
|
Atlassian Bitbucket < 8.11.6
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.11.6
|
— | |
|
Atlassian Jira Software Service Management < 4.20.28
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__4.20.28
|
— | |
|
Atlassian Bitbucket < 8.14.2
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.14.2
|
— | |
|
Atlassian Jira Software < 9.4.13
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:9.4.13
|
— | |
|
Atlassian Bitbucket < 8.13.3
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.13.3
|
— | |
|
Atlassian Confluence < 7.19.17
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:7.19.17
|
— | |
|
Atlassian Jira Software Service Management < 5.4.12
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__5.4.12
|
— |
Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuführen. Für eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Confluence < 8.4.5
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.4.5
|
— | |
|
Atlassian Confluence < 8.6.2
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.6.2
|
— | |
|
Atlassian Confluence < 8.5.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.5.4
|
— | |
|
Atlassian Bitbucket < 8.9.7
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.9.7
|
— | |
|
Atlassian Confluence < 8.7.1
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.7.1
|
— | |
|
Atlassian Bamboo < 9.2.7
Atlassian / Bamboo
|
cpe:/a:atlassian:bamboo:9.2.7
|
— | |
|
Atlassian Confluence < 8.3.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.3.4
|
— | |
|
Atlassian Bitbucket < 8.12.4
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.12.4
|
— | |
|
Atlassian Bitbucket < 8.11.6
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.11.6
|
— | |
|
Atlassian Jira Software Service Management < 4.20.28
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__4.20.28
|
— | |
|
Atlassian Bitbucket < 8.14.2
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.14.2
|
— | |
|
Atlassian Jira Software < 9.4.13
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:9.4.13
|
— | |
|
Atlassian Bitbucket < 8.13.3
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.13.3
|
— | |
|
Atlassian Confluence < 7.19.17
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:7.19.17
|
— | |
|
Atlassian Jira Software Service Management < 5.4.12
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__5.4.12
|
— |
Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuführen. Für eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Confluence < 8.4.5
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.4.5
|
— | |
|
Atlassian Confluence < 8.6.2
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.6.2
|
— | |
|
Atlassian Confluence < 8.5.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.5.4
|
— | |
|
Atlassian Bitbucket < 8.9.7
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.9.7
|
— | |
|
Atlassian Confluence < 8.7.1
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.7.1
|
— | |
|
Atlassian Bamboo < 9.2.7
Atlassian / Bamboo
|
cpe:/a:atlassian:bamboo:9.2.7
|
— | |
|
Atlassian Confluence < 8.3.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.3.4
|
— | |
|
Atlassian Bitbucket < 8.12.4
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.12.4
|
— | |
|
Atlassian Bitbucket < 8.11.6
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.11.6
|
— | |
|
Atlassian Jira Software Service Management < 4.20.28
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__4.20.28
|
— | |
|
Atlassian Bitbucket < 8.14.2
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.14.2
|
— | |
|
Atlassian Jira Software < 9.4.13
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:9.4.13
|
— | |
|
Atlassian Bitbucket < 8.13.3
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.13.3
|
— | |
|
Atlassian Confluence < 7.19.17
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:7.19.17
|
— | |
|
Atlassian Jira Software Service Management < 5.4.12
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__5.4.12
|
— |
Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuführen. Für eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Confluence < 8.4.5
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.4.5
|
— | |
|
Atlassian Confluence < 8.6.2
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.6.2
|
— | |
|
Atlassian Confluence < 8.5.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.5.4
|
— | |
|
Atlassian Bitbucket < 8.9.7
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.9.7
|
— | |
|
Atlassian Confluence < 8.7.1
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.7.1
|
— | |
|
Atlassian Bamboo < 9.2.7
Atlassian / Bamboo
|
cpe:/a:atlassian:bamboo:9.2.7
|
— | |
|
Atlassian Confluence < 8.3.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.3.4
|
— | |
|
Atlassian Bitbucket < 8.12.4
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.12.4
|
— | |
|
Atlassian Bitbucket < 8.11.6
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.11.6
|
— | |
|
Atlassian Jira Software Service Management < 4.20.28
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__4.20.28
|
— | |
|
Atlassian Bitbucket < 8.14.2
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.14.2
|
— | |
|
Atlassian Jira Software < 9.4.13
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:9.4.13
|
— | |
|
Atlassian Bitbucket < 8.13.3
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.13.3
|
— | |
|
Atlassian Confluence < 7.19.17
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:7.19.17
|
— | |
|
Atlassian Jira Software Service Management < 5.4.12
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__5.4.12
|
— |
Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuführen. Für eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Confluence < 8.4.5
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.4.5
|
— | |
|
Atlassian Confluence < 8.6.2
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.6.2
|
— | |
|
Atlassian Confluence < 8.5.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.5.4
|
— | |
|
Atlassian Bitbucket < 8.9.7
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.9.7
|
— | |
|
Atlassian Confluence < 8.7.1
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.7.1
|
— | |
|
Atlassian Bamboo < 9.2.7
Atlassian / Bamboo
|
cpe:/a:atlassian:bamboo:9.2.7
|
— | |
|
Atlassian Confluence < 8.3.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.3.4
|
— | |
|
Atlassian Bitbucket < 8.12.4
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.12.4
|
— | |
|
Atlassian Bitbucket < 8.11.6
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.11.6
|
— | |
|
Atlassian Jira Software Service Management < 4.20.28
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__4.20.28
|
— | |
|
Atlassian Bitbucket < 8.14.2
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.14.2
|
— | |
|
Atlassian Jira Software < 9.4.13
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:9.4.13
|
— | |
|
Atlassian Bitbucket < 8.13.3
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.13.3
|
— | |
|
Atlassian Confluence < 7.19.17
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:7.19.17
|
— | |
|
Atlassian Jira Software Service Management < 5.4.12
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__5.4.12
|
— |
Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuführen. Für eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Confluence < 8.4.5
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.4.5
|
— | |
|
Atlassian Confluence < 8.6.2
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.6.2
|
— | |
|
Atlassian Confluence < 8.5.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.5.4
|
— | |
|
Atlassian Bitbucket < 8.9.7
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.9.7
|
— | |
|
Atlassian Confluence < 8.7.1
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.7.1
|
— | |
|
Atlassian Bamboo < 9.2.7
Atlassian / Bamboo
|
cpe:/a:atlassian:bamboo:9.2.7
|
— | |
|
Atlassian Confluence < 8.3.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.3.4
|
— | |
|
Atlassian Bitbucket < 8.12.4
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.12.4
|
— | |
|
Atlassian Bitbucket < 8.11.6
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.11.6
|
— | |
|
Atlassian Jira Software Service Management < 4.20.28
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__4.20.28
|
— | |
|
Atlassian Bitbucket < 8.14.2
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.14.2
|
— | |
|
Atlassian Jira Software < 9.4.13
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:9.4.13
|
— | |
|
Atlassian Bitbucket < 8.13.3
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.13.3
|
— | |
|
Atlassian Confluence < 7.19.17
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:7.19.17
|
— | |
|
Atlassian Jira Software Service Management < 5.4.12
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__5.4.12
|
— |
Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuführen. Für eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Confluence < 8.4.5
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.4.5
|
— | |
|
Atlassian Confluence < 8.6.2
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.6.2
|
— | |
|
Atlassian Confluence < 8.5.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.5.4
|
— | |
|
Atlassian Bitbucket < 8.9.7
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.9.7
|
— | |
|
Atlassian Confluence < 8.7.1
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.7.1
|
— | |
|
Atlassian Bamboo < 9.2.7
Atlassian / Bamboo
|
cpe:/a:atlassian:bamboo:9.2.7
|
— | |
|
Atlassian Confluence < 8.3.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.3.4
|
— | |
|
Atlassian Bitbucket < 8.12.4
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.12.4
|
— | |
|
Atlassian Bitbucket < 8.11.6
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.11.6
|
— | |
|
Atlassian Jira Software Service Management < 4.20.28
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__4.20.28
|
— | |
|
Atlassian Bitbucket < 8.14.2
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.14.2
|
— | |
|
Atlassian Jira Software < 9.4.13
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:9.4.13
|
— | |
|
Atlassian Bitbucket < 8.13.3
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.13.3
|
— | |
|
Atlassian Confluence < 7.19.17
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:7.19.17
|
— | |
|
Atlassian Jira Software Service Management < 5.4.12
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__5.4.12
|
— |
Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuführen. Für eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Confluence < 8.4.5
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.4.5
|
— | |
|
Atlassian Confluence < 8.6.2
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.6.2
|
— | |
|
Atlassian Confluence < 8.5.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.5.4
|
— | |
|
Atlassian Bitbucket < 8.9.7
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.9.7
|
— | |
|
Atlassian Confluence < 8.7.1
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.7.1
|
— | |
|
Atlassian Bamboo < 9.2.7
Atlassian / Bamboo
|
cpe:/a:atlassian:bamboo:9.2.7
|
— | |
|
Atlassian Confluence < 8.3.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.3.4
|
— | |
|
Atlassian Bitbucket < 8.12.4
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.12.4
|
— | |
|
Atlassian Bitbucket < 8.11.6
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.11.6
|
— | |
|
Atlassian Jira Software Service Management < 4.20.28
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__4.20.28
|
— | |
|
Atlassian Bitbucket < 8.14.2
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.14.2
|
— | |
|
Atlassian Jira Software < 9.4.13
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:9.4.13
|
— | |
|
Atlassian Bitbucket < 8.13.3
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.13.3
|
— | |
|
Atlassian Confluence < 7.19.17
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:7.19.17
|
— | |
|
Atlassian Jira Software Service Management < 5.4.12
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__5.4.12
|
— |
Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuführen. Für eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Confluence < 8.4.5
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.4.5
|
— | |
|
Atlassian Confluence < 8.6.2
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.6.2
|
— | |
|
Atlassian Confluence < 8.5.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.5.4
|
— | |
|
Atlassian Bitbucket < 8.9.7
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.9.7
|
— | |
|
Atlassian Confluence < 8.7.1
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.7.1
|
— | |
|
Atlassian Bamboo < 9.2.7
Atlassian / Bamboo
|
cpe:/a:atlassian:bamboo:9.2.7
|
— | |
|
Atlassian Confluence < 8.3.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.3.4
|
— | |
|
Atlassian Bitbucket < 8.12.4
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.12.4
|
— | |
|
Atlassian Bitbucket < 8.11.6
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.11.6
|
— | |
|
Atlassian Jira Software Service Management < 4.20.28
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__4.20.28
|
— | |
|
Atlassian Bitbucket < 8.14.2
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.14.2
|
— | |
|
Atlassian Jira Software < 9.4.13
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:9.4.13
|
— | |
|
Atlassian Bitbucket < 8.13.3
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.13.3
|
— | |
|
Atlassian Confluence < 7.19.17
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:7.19.17
|
— | |
|
Atlassian Jira Software Service Management < 5.4.12
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__5.4.12
|
— |
Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuführen. Für eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Confluence < 8.4.5
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.4.5
|
— | |
|
Atlassian Confluence < 8.6.2
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.6.2
|
— | |
|
Atlassian Confluence < 8.5.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.5.4
|
— | |
|
Atlassian Bitbucket < 8.9.7
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.9.7
|
— | |
|
Atlassian Confluence < 8.7.1
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.7.1
|
— | |
|
Atlassian Bamboo < 9.2.7
Atlassian / Bamboo
|
cpe:/a:atlassian:bamboo:9.2.7
|
— | |
|
Atlassian Confluence < 8.3.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.3.4
|
— | |
|
Atlassian Bitbucket < 8.12.4
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.12.4
|
— | |
|
Atlassian Bitbucket < 8.11.6
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.11.6
|
— | |
|
Atlassian Jira Software Service Management < 4.20.28
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__4.20.28
|
— | |
|
Atlassian Bitbucket < 8.14.2
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.14.2
|
— | |
|
Atlassian Jira Software < 9.4.13
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:9.4.13
|
— | |
|
Atlassian Bitbucket < 8.13.3
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.13.3
|
— | |
|
Atlassian Confluence < 7.19.17
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:7.19.17
|
— | |
|
Atlassian Jira Software Service Management < 5.4.12
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__5.4.12
|
— |
Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuführen. Für eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Confluence < 8.4.5
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.4.5
|
— | |
|
Atlassian Confluence < 8.6.2
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.6.2
|
— | |
|
Atlassian Confluence < 8.5.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.5.4
|
— | |
|
Atlassian Bitbucket < 8.9.7
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.9.7
|
— | |
|
Atlassian Confluence < 8.7.1
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.7.1
|
— | |
|
Atlassian Bamboo < 9.2.7
Atlassian / Bamboo
|
cpe:/a:atlassian:bamboo:9.2.7
|
— | |
|
Atlassian Confluence < 8.3.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.3.4
|
— | |
|
Atlassian Bitbucket < 8.12.4
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.12.4
|
— | |
|
Atlassian Bitbucket < 8.11.6
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.11.6
|
— | |
|
Atlassian Jira Software Service Management < 4.20.28
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__4.20.28
|
— | |
|
Atlassian Bitbucket < 8.14.2
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.14.2
|
— | |
|
Atlassian Jira Software < 9.4.13
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:9.4.13
|
— | |
|
Atlassian Bitbucket < 8.13.3
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.13.3
|
— | |
|
Atlassian Confluence < 7.19.17
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:7.19.17
|
— | |
|
Atlassian Jira Software Service Management < 5.4.12
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__5.4.12
|
— |
Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuführen. Für eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Confluence < 8.4.5
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.4.5
|
— | |
|
Atlassian Confluence < 8.6.2
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.6.2
|
— | |
|
Atlassian Confluence < 8.5.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.5.4
|
— | |
|
Atlassian Bitbucket < 8.9.7
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.9.7
|
— | |
|
Atlassian Confluence < 8.7.1
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.7.1
|
— | |
|
Atlassian Bamboo < 9.2.7
Atlassian / Bamboo
|
cpe:/a:atlassian:bamboo:9.2.7
|
— | |
|
Atlassian Confluence < 8.3.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.3.4
|
— | |
|
Atlassian Bitbucket < 8.12.4
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.12.4
|
— | |
|
Atlassian Bitbucket < 8.11.6
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.11.6
|
— | |
|
Atlassian Jira Software Service Management < 4.20.28
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__4.20.28
|
— | |
|
Atlassian Bitbucket < 8.14.2
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.14.2
|
— | |
|
Atlassian Jira Software < 9.4.13
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:9.4.13
|
— | |
|
Atlassian Bitbucket < 8.13.3
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.13.3
|
— | |
|
Atlassian Confluence < 7.19.17
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:7.19.17
|
— | |
|
Atlassian Jira Software Service Management < 5.4.12
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__5.4.12
|
— |
Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuführen. Für eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Confluence < 8.4.5
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.4.5
|
— | |
|
Atlassian Confluence < 8.6.2
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.6.2
|
— | |
|
Atlassian Confluence < 8.5.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.5.4
|
— | |
|
Atlassian Bitbucket < 8.9.7
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.9.7
|
— | |
|
Atlassian Confluence < 8.7.1
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.7.1
|
— | |
|
Atlassian Bamboo < 9.2.7
Atlassian / Bamboo
|
cpe:/a:atlassian:bamboo:9.2.7
|
— | |
|
Atlassian Confluence < 8.3.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.3.4
|
— | |
|
Atlassian Bitbucket < 8.12.4
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.12.4
|
— | |
|
Atlassian Bitbucket < 8.11.6
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.11.6
|
— | |
|
Atlassian Jira Software Service Management < 4.20.28
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__4.20.28
|
— | |
|
Atlassian Bitbucket < 8.14.2
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.14.2
|
— | |
|
Atlassian Jira Software < 9.4.13
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:9.4.13
|
— | |
|
Atlassian Bitbucket < 8.13.3
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.13.3
|
— | |
|
Atlassian Confluence < 7.19.17
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:7.19.17
|
— | |
|
Atlassian Jira Software Service Management < 5.4.12
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__5.4.12
|
— |
Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuführen. Für eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Confluence < 8.4.5
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.4.5
|
— | |
|
Atlassian Confluence < 8.6.2
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.6.2
|
— | |
|
Atlassian Confluence < 8.5.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.5.4
|
— | |
|
Atlassian Bitbucket < 8.9.7
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.9.7
|
— | |
|
Atlassian Confluence < 8.7.1
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.7.1
|
— | |
|
Atlassian Bamboo < 9.2.7
Atlassian / Bamboo
|
cpe:/a:atlassian:bamboo:9.2.7
|
— | |
|
Atlassian Confluence < 8.3.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.3.4
|
— | |
|
Atlassian Bitbucket < 8.12.4
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.12.4
|
— | |
|
Atlassian Bitbucket < 8.11.6
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.11.6
|
— | |
|
Atlassian Jira Software Service Management < 4.20.28
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__4.20.28
|
— | |
|
Atlassian Bitbucket < 8.14.2
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.14.2
|
— | |
|
Atlassian Jira Software < 9.4.13
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:9.4.13
|
— | |
|
Atlassian Bitbucket < 8.13.3
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.13.3
|
— | |
|
Atlassian Confluence < 7.19.17
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:7.19.17
|
— | |
|
Atlassian Jira Software Service Management < 5.4.12
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__5.4.12
|
— |
Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuführen. Für eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Confluence < 8.4.5
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.4.5
|
— | |
|
Atlassian Confluence < 8.6.2
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.6.2
|
— | |
|
Atlassian Confluence < 8.5.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.5.4
|
— | |
|
Atlassian Bitbucket < 8.9.7
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.9.7
|
— | |
|
Atlassian Confluence < 8.7.1
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.7.1
|
— | |
|
Atlassian Bamboo < 9.2.7
Atlassian / Bamboo
|
cpe:/a:atlassian:bamboo:9.2.7
|
— | |
|
Atlassian Confluence < 8.3.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.3.4
|
— | |
|
Atlassian Bitbucket < 8.12.4
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.12.4
|
— | |
|
Atlassian Bitbucket < 8.11.6
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.11.6
|
— | |
|
Atlassian Jira Software Service Management < 4.20.28
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__4.20.28
|
— | |
|
Atlassian Bitbucket < 8.14.2
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.14.2
|
— | |
|
Atlassian Jira Software < 9.4.13
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:9.4.13
|
— | |
|
Atlassian Bitbucket < 8.13.3
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.13.3
|
— | |
|
Atlassian Confluence < 7.19.17
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:7.19.17
|
— | |
|
Atlassian Jira Software Service Management < 5.4.12
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__5.4.12
|
— |
Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuführen. Für eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Confluence < 8.4.5
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.4.5
|
— | |
|
Atlassian Confluence < 8.6.2
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.6.2
|
— | |
|
Atlassian Confluence < 8.5.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.5.4
|
— | |
|
Atlassian Bitbucket < 8.9.7
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.9.7
|
— | |
|
Atlassian Confluence < 8.7.1
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.7.1
|
— | |
|
Atlassian Bamboo < 9.2.7
Atlassian / Bamboo
|
cpe:/a:atlassian:bamboo:9.2.7
|
— | |
|
Atlassian Confluence < 8.3.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.3.4
|
— | |
|
Atlassian Bitbucket < 8.12.4
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.12.4
|
— | |
|
Atlassian Bitbucket < 8.11.6
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.11.6
|
— | |
|
Atlassian Jira Software Service Management < 4.20.28
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__4.20.28
|
— | |
|
Atlassian Bitbucket < 8.14.2
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.14.2
|
— | |
|
Atlassian Jira Software < 9.4.13
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:9.4.13
|
— | |
|
Atlassian Bitbucket < 8.13.3
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.13.3
|
— | |
|
Atlassian Confluence < 7.19.17
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:7.19.17
|
— | |
|
Atlassian Jira Software Service Management < 5.4.12
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__5.4.12
|
— |
Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuführen. Für eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Confluence < 8.4.5
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.4.5
|
— | |
|
Atlassian Confluence < 8.6.2
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.6.2
|
— | |
|
Atlassian Confluence < 8.5.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.5.4
|
— | |
|
Atlassian Bitbucket < 8.9.7
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.9.7
|
— | |
|
Atlassian Confluence < 8.7.1
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.7.1
|
— | |
|
Atlassian Bamboo < 9.2.7
Atlassian / Bamboo
|
cpe:/a:atlassian:bamboo:9.2.7
|
— | |
|
Atlassian Confluence < 8.3.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.3.4
|
— | |
|
Atlassian Bitbucket < 8.12.4
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.12.4
|
— | |
|
Atlassian Bitbucket < 8.11.6
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.11.6
|
— | |
|
Atlassian Jira Software Service Management < 4.20.28
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__4.20.28
|
— | |
|
Atlassian Bitbucket < 8.14.2
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.14.2
|
— | |
|
Atlassian Jira Software < 9.4.13
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:9.4.13
|
— | |
|
Atlassian Bitbucket < 8.13.3
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.13.3
|
— | |
|
Atlassian Confluence < 7.19.17
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:7.19.17
|
— | |
|
Atlassian Jira Software Service Management < 5.4.12
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__5.4.12
|
— |
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Bamboo ist ein Werkzeug zur kontinuierlichen Integration und Bereitstellung, das automatisierte Builds, Tests und Freigaben in einem einzigen Arbeitsablauf verbindet.\r\nBitbucket ist ein Git-Server zur Sourcecode-Versionskontrolle.\r\nConfluence ist eine kommerzielle Wiki-Software.\r\nJira ist eine Webanwendung zur Softwareentwicklung.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- MacOS X\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2993 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2993.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2993 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2993"
},
{
"category": "external",
"summary": "Atlassian Security Bulletin vom 2023-11-21",
"url": "https://confluence.atlassian.com/security/security-bulletin-november-21-2023-1318881573.html"
},
{
"category": "external",
"summary": "Atlassian Security Bulletin December 12 2023 vom 2023-12-12",
"url": "https://confluence.atlassian.com/security/security-bulletin-december-12-2023-1319249520.html"
}
],
"source_lang": "en-US",
"title": "Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence and Atlassian Jira Software: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-12-12T23:00:00.000+00:00",
"generator": {
"date": "2024-08-15T18:01:59.515+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-2993",
"initial_release_date": "2023-11-21T23:00:00.000+00:00",
"revision_history": [
{
"date": "2023-11-21T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-11-23T23:00:00.000+00:00",
"number": "2",
"summary": "Bewertung angepasst"
},
{
"date": "2023-12-12T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates aufgenommen"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Atlassian Bamboo \u003c 9.2.7",
"product": {
"name": "Atlassian Bamboo \u003c 9.2.7",
"product_id": "1529586",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:9.2.7"
}
}
},
{
"category": "product_name",
"name": "Atlassian Bamboo \u003c 9.2.7",
"product": {
"name": "Atlassian Bamboo \u003c 9.2.7",
"product_id": "T031322",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:9.2.7"
}
}
},
{
"category": "product_name",
"name": "Atlassian Bamboo \u003c 9.3.4",
"product": {
"name": "Atlassian Bamboo \u003c 9.3.4",
"product_id": "T031323",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:9.3.4"
}
}
},
{
"category": "product_name",
"name": "Atlassian Bamboo \u003c 9.3.5",
"product": {
"name": "Atlassian Bamboo \u003c 9.3.5",
"product_id": "T031324",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:9.3.5"
}
}
}
],
"category": "product_name",
"name": "Bamboo"
},
{
"branches": [
{
"category": "product_name",
"name": "Atlassian Bitbucket \u003c 7.21.18",
"product": {
"name": "Atlassian Bitbucket \u003c 7.21.18",
"product_id": "T031325",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:7.21.18"
}
}
},
{
"category": "product_name",
"name": "Atlassian Bitbucket \u003c 8.9.7",
"product": {
"name": "Atlassian Bitbucket \u003c 8.9.7",
"product_id": "T031614",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:8.9.7"
}
}
},
{
"category": "product_name",
"name": "Atlassian Bitbucket \u003c 8.11.6",
"product": {
"name": "Atlassian Bitbucket \u003c 8.11.6",
"product_id": "T031615",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:8.11.6"
}
}
},
{
"category": "product_name",
"name": "Atlassian Bitbucket \u003c 8.12.4",
"product": {
"name": "Atlassian Bitbucket \u003c 8.12.4",
"product_id": "T031616",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:8.12.4"
}
}
},
{
"category": "product_name",
"name": "Atlassian Bitbucket \u003c 8.13.3",
"product": {
"name": "Atlassian Bitbucket \u003c 8.13.3",
"product_id": "T031617",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:8.13.3"
}
}
},
{
"category": "product_name",
"name": "Atlassian Bitbucket \u003c 8.14.2",
"product": {
"name": "Atlassian Bitbucket \u003c 8.14.2",
"product_id": "T031618",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:8.14.2"
}
}
}
],
"category": "product_name",
"name": "Bitbucket"
},
{
"branches": [
{
"category": "product_name",
"name": "Atlassian Confluence \u003c 8.3.4",
"product": {
"name": "Atlassian Confluence \u003c 8.3.4",
"product_id": "T030846",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:8.3.4"
}
}
},
{
"category": "product_name",
"name": "Atlassian Confluence \u003c 8.6.1",
"product": {
"name": "Atlassian Confluence \u003c 8.6.1",
"product_id": "T031326",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:8.6.1"
}
}
},
{
"category": "product_name",
"name": "Atlassian Confluence \u003c 7.19.17",
"product": {
"name": "Atlassian Confluence \u003c 7.19.17",
"product_id": "T031609",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:7.19.17"
}
}
},
{
"category": "product_name",
"name": "Atlassian Confluence \u003c 8.4.5",
"product": {
"name": "Atlassian Confluence \u003c 8.4.5",
"product_id": "T031610",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:8.4.5"
}
}
},
{
"category": "product_name",
"name": "Atlassian Confluence \u003c 8.5.4",
"product": {
"name": "Atlassian Confluence \u003c 8.5.4",
"product_id": "T031611",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:8.5.4"
}
}
},
{
"category": "product_name",
"name": "Atlassian Confluence \u003c 8.6.2",
"product": {
"name": "Atlassian Confluence \u003c 8.6.2",
"product_id": "T031612",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:8.6.2"
}
}
},
{
"category": "product_name",
"name": "Atlassian Confluence \u003c 8.7.1",
"product": {
"name": "Atlassian Confluence \u003c 8.7.1",
"product_id": "T031613",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:8.7.1"
}
}
}
],
"category": "product_name",
"name": "Confluence"
},
{
"branches": [
{
"category": "product_name",
"name": "Atlassian Jira Software \u003c 9.11.3",
"product": {
"name": "Atlassian Jira Software \u003c 9.11.3",
"product_id": "T031327",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:jira_software:9.11.3"
}
}
},
{
"category": "product_name",
"name": "Atlassian Jira Software \u003c 9.4.13",
"product": {
"name": "Atlassian Jira Software \u003c 9.4.13",
"product_id": "T031606",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:jira_software:9.4.13"
}
}
},
{
"category": "product_name",
"name": "Atlassian Jira Software Service Management \u003c 4.20.28",
"product": {
"name": "Atlassian Jira Software Service Management \u003c 4.20.28",
"product_id": "T031607",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:jira_software:service_management__4.20.28"
}
}
},
{
"category": "product_name",
"name": "Atlassian Jira Software Service Management \u003c 5.4.12",
"product": {
"name": "Atlassian Jira Software Service Management \u003c 5.4.12",
"product_id": "T031608",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:jira_software:service_management__5.4.12"
}
}
}
],
"category": "product_name",
"name": "Jira Software"
}
],
"category": "vendor",
"name": "Atlassian"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-44487",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
}
],
"product_status": {
"known_affected": [
"T031610",
"T031612",
"T031611",
"T031614",
"T031613",
"1529586",
"T030846",
"T031616",
"T031615",
"T031607",
"T031618",
"T031606",
"T031617",
"T031609",
"T031608"
]
},
"release_date": "2023-11-21T23:00:00.000+00:00",
"title": "CVE-2023-44487"
},
{
"cve": "CVE-2023-42794",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
}
],
"product_status": {
"known_affected": [
"T031610",
"T031612",
"T031611",
"T031614",
"T031613",
"1529586",
"T030846",
"T031616",
"T031615",
"T031607",
"T031618",
"T031606",
"T031617",
"T031609",
"T031608"
]
},
"release_date": "2023-11-21T23:00:00.000+00:00",
"title": "CVE-2023-42794"
},
{
"cve": "CVE-2023-34396",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
}
],
"product_status": {
"known_affected": [
"T031610",
"T031612",
"T031611",
"T031614",
"T031613",
"1529586",
"T030846",
"T031616",
"T031615",
"T031607",
"T031618",
"T031606",
"T031617",
"T031609",
"T031608"
]
},
"release_date": "2023-11-21T23:00:00.000+00:00",
"title": "CVE-2023-34396"
},
{
"cve": "CVE-2023-2976",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
}
],
"product_status": {
"known_affected": [
"T031610",
"T031612",
"T031611",
"T031614",
"T031613",
"1529586",
"T030846",
"T031616",
"T031615",
"T031607",
"T031618",
"T031606",
"T031617",
"T031609",
"T031608"
]
},
"release_date": "2023-11-21T23:00:00.000+00:00",
"title": "CVE-2023-2976"
},
{
"cve": "CVE-2023-22521",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
}
],
"product_status": {
"known_affected": [
"T031610",
"T031612",
"T031611",
"T031614",
"T031613",
"1529586",
"T030846",
"T031616",
"T031615",
"T031607",
"T031618",
"T031606",
"T031617",
"T031609",
"T031608"
]
},
"release_date": "2023-11-21T23:00:00.000+00:00",
"title": "CVE-2023-22521"
},
{
"cve": "CVE-2023-22516",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
}
],
"product_status": {
"known_affected": [
"T031610",
"T031612",
"T031611",
"T031614",
"T031613",
"1529586",
"T030846",
"T031616",
"T031615",
"T031607",
"T031618",
"T031606",
"T031617",
"T031609",
"T031608"
]
},
"release_date": "2023-11-21T23:00:00.000+00:00",
"title": "CVE-2023-22516"
},
{
"cve": "CVE-2022-45143",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
}
],
"product_status": {
"known_affected": [
"T031610",
"T031612",
"T031611",
"T031614",
"T031613",
"1529586",
"T030846",
"T031616",
"T031615",
"T031607",
"T031618",
"T031606",
"T031617",
"T031609",
"T031608"
]
},
"release_date": "2023-11-21T23:00:00.000+00:00",
"title": "CVE-2022-45143"
},
{
"cve": "CVE-2022-42890",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
}
],
"product_status": {
"known_affected": [
"T031610",
"T031612",
"T031611",
"T031614",
"T031613",
"1529586",
"T030846",
"T031616",
"T031615",
"T031607",
"T031618",
"T031606",
"T031617",
"T031609",
"T031608"
]
},
"release_date": "2023-11-21T23:00:00.000+00:00",
"title": "CVE-2022-42890"
},
{
"cve": "CVE-2022-42252",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
}
],
"product_status": {
"known_affected": [
"T031610",
"T031612",
"T031611",
"T031614",
"T031613",
"1529586",
"T030846",
"T031616",
"T031615",
"T031607",
"T031618",
"T031606",
"T031617",
"T031609",
"T031608"
]
},
"release_date": "2023-11-21T23:00:00.000+00:00",
"title": "CVE-2022-42252"
},
{
"cve": "CVE-2022-42004",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
}
],
"product_status": {
"known_affected": [
"T031610",
"T031612",
"T031611",
"T031614",
"T031613",
"1529586",
"T030846",
"T031616",
"T031615",
"T031607",
"T031618",
"T031606",
"T031617",
"T031609",
"T031608"
]
},
"release_date": "2023-11-21T23:00:00.000+00:00",
"title": "CVE-2022-42004"
},
{
"cve": "CVE-2022-42003",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
}
],
"product_status": {
"known_affected": [
"T031610",
"T031612",
"T031611",
"T031614",
"T031613",
"1529586",
"T030846",
"T031616",
"T031615",
"T031607",
"T031618",
"T031606",
"T031617",
"T031609",
"T031608"
]
},
"release_date": "2023-11-21T23:00:00.000+00:00",
"title": "CVE-2022-42003"
},
{
"cve": "CVE-2022-41704",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
}
],
"product_status": {
"known_affected": [
"T031610",
"T031612",
"T031611",
"T031614",
"T031613",
"1529586",
"T030846",
"T031616",
"T031615",
"T031607",
"T031618",
"T031606",
"T031617",
"T031609",
"T031608"
]
},
"release_date": "2023-11-21T23:00:00.000+00:00",
"title": "CVE-2022-41704"
},
{
"cve": "CVE-2022-40146",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
}
],
"product_status": {
"known_affected": [
"T031610",
"T031612",
"T031611",
"T031614",
"T031613",
"1529586",
"T030846",
"T031616",
"T031615",
"T031607",
"T031618",
"T031606",
"T031617",
"T031609",
"T031608"
]
},
"release_date": "2023-11-21T23:00:00.000+00:00",
"title": "CVE-2022-40146"
},
{
"cve": "CVE-2022-28366",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
}
],
"product_status": {
"known_affected": [
"T031610",
"T031612",
"T031611",
"T031614",
"T031613",
"1529586",
"T030846",
"T031616",
"T031615",
"T031607",
"T031618",
"T031606",
"T031617",
"T031609",
"T031608"
]
},
"release_date": "2023-11-21T23:00:00.000+00:00",
"title": "CVE-2022-28366"
},
{
"cve": "CVE-2022-25647",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
}
],
"product_status": {
"known_affected": [
"T031610",
"T031612",
"T031611",
"T031614",
"T031613",
"1529586",
"T030846",
"T031616",
"T031615",
"T031607",
"T031618",
"T031606",
"T031617",
"T031609",
"T031608"
]
},
"release_date": "2023-11-21T23:00:00.000+00:00",
"title": "CVE-2022-25647"
},
{
"cve": "CVE-2021-46877",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
}
],
"product_status": {
"known_affected": [
"T031610",
"T031612",
"T031611",
"T031614",
"T031613",
"1529586",
"T030846",
"T031616",
"T031615",
"T031607",
"T031618",
"T031606",
"T031617",
"T031609",
"T031608"
]
},
"release_date": "2023-11-21T23:00:00.000+00:00",
"title": "CVE-2021-46877"
},
{
"cve": "CVE-2021-40690",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
}
],
"product_status": {
"known_affected": [
"T031610",
"T031612",
"T031611",
"T031614",
"T031613",
"1529586",
"T030846",
"T031616",
"T031615",
"T031607",
"T031618",
"T031606",
"T031617",
"T031609",
"T031608"
]
},
"release_date": "2023-11-21T23:00:00.000+00:00",
"title": "CVE-2021-40690"
},
{
"cve": "CVE-2021-37714",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
}
],
"product_status": {
"known_affected": [
"T031610",
"T031612",
"T031611",
"T031614",
"T031613",
"1529586",
"T030846",
"T031616",
"T031615",
"T031607",
"T031618",
"T031606",
"T031617",
"T031609",
"T031608"
]
},
"release_date": "2023-11-21T23:00:00.000+00:00",
"title": "CVE-2021-37714"
},
{
"cve": "CVE-2021-28165",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
}
],
"product_status": {
"known_affected": [
"T031610",
"T031612",
"T031611",
"T031614",
"T031613",
"1529586",
"T030846",
"T031616",
"T031615",
"T031607",
"T031618",
"T031606",
"T031617",
"T031609",
"T031608"
]
},
"release_date": "2023-11-21T23:00:00.000+00:00",
"title": "CVE-2021-28165"
},
{
"cve": "CVE-2020-36518",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
}
],
"product_status": {
"known_affected": [
"T031610",
"T031612",
"T031611",
"T031614",
"T031613",
"1529586",
"T030846",
"T031616",
"T031615",
"T031607",
"T031618",
"T031606",
"T031617",
"T031609",
"T031608"
]
},
"release_date": "2023-11-21T23:00:00.000+00:00",
"title": "CVE-2020-36518"
},
{
"cve": "CVE-2017-9735",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
}
],
"product_status": {
"known_affected": [
"T031610",
"T031612",
"T031611",
"T031614",
"T031613",
"1529586",
"T030846",
"T031616",
"T031615",
"T031607",
"T031618",
"T031606",
"T031617",
"T031609",
"T031608"
]
},
"release_date": "2023-11-21T23:00:00.000+00:00",
"title": "CVE-2017-9735"
},
{
"cve": "CVE-2017-7656",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
}
],
"product_status": {
"known_affected": [
"T031610",
"T031612",
"T031611",
"T031614",
"T031613",
"1529586",
"T030846",
"T031616",
"T031615",
"T031607",
"T031618",
"T031606",
"T031617",
"T031609",
"T031608"
]
},
"release_date": "2023-11-21T23:00:00.000+00:00",
"title": "CVE-2017-7656"
}
]
}
WID-SEC-W-2023-3146
Vulnerability from csaf_certbund - Published: 2023-12-13 23:00 - Updated: 2023-12-13 23:00In IBM MQ Operator and Queue manager existieren mehrere Schwachstellen. Diese basieren auf Schwachstellen in mehreren Komponenten von RedHat Open Shift. Im Einzelnen sind dies: containerd, shadow-maint, shadow-utils, Golang Go, urllib3, procps-ng procps und das HTTP/2 Protokoll. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen, Informationen offenzulegen oder Sicherheitsmaßnahmen zu umgehen. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich.
In IBM MQ Operator and Queue manager existieren mehrere Schwachstellen. Diese basieren auf Schwachstellen in mehreren Komponenten von RedHat Open Shift. Im Einzelnen sind dies: containerd, shadow-maint, shadow-utils, Golang Go, urllib3, procps-ng procps und das HTTP/2 Protokoll. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen, Informationen offenzulegen oder Sicherheitsmaßnahmen zu umgehen. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich.
In IBM MQ Operator and Queue manager existieren mehrere Schwachstellen. Diese basieren auf Schwachstellen in mehreren Komponenten von RedHat Open Shift. Im Einzelnen sind dies: containerd, shadow-maint, shadow-utils, Golang Go, urllib3, procps-ng procps und das HTTP/2 Protokoll. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen, Informationen offenzulegen oder Sicherheitsmaßnahmen zu umgehen. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich.
In IBM MQ Operator and Queue manager existieren mehrere Schwachstellen. Diese basieren auf Schwachstellen in mehreren Komponenten von RedHat Open Shift. Im Einzelnen sind dies: containerd, shadow-maint, shadow-utils, Golang Go, urllib3, procps-ng procps und das HTTP/2 Protokoll. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen, Informationen offenzulegen oder Sicherheitsmaßnahmen zu umgehen. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich.
In IBM MQ Operator and Queue manager existieren mehrere Schwachstellen. Diese basieren auf Schwachstellen in mehreren Komponenten von RedHat Open Shift. Im Einzelnen sind dies: containerd, shadow-maint, shadow-utils, Golang Go, urllib3, procps-ng procps und das HTTP/2 Protokoll. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen, Informationen offenzulegen oder Sicherheitsmaßnahmen zu umgehen. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich.
In IBM MQ Operator and Queue manager existieren mehrere Schwachstellen. Diese basieren auf Schwachstellen in mehreren Komponenten von RedHat Open Shift. Im Einzelnen sind dies: containerd, shadow-maint, shadow-utils, Golang Go, urllib3, procps-ng procps und das HTTP/2 Protokoll. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen, Informationen offenzulegen oder Sicherheitsmaßnahmen zu umgehen. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich.
In IBM MQ Operator and Queue manager existieren mehrere Schwachstellen. Diese basieren auf Schwachstellen in mehreren Komponenten von RedHat Open Shift. Im Einzelnen sind dies: containerd, shadow-maint, shadow-utils, Golang Go, urllib3, procps-ng procps und das HTTP/2 Protokoll. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen, Informationen offenzulegen oder Sicherheitsmaßnahmen zu umgehen. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich.
In IBM MQ Operator and Queue manager existieren mehrere Schwachstellen. Diese basieren auf Schwachstellen in mehreren Komponenten von RedHat Open Shift. Im Einzelnen sind dies: containerd, shadow-maint, shadow-utils, Golang Go, urllib3, procps-ng procps und das HTTP/2 Protokoll. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen, Informationen offenzulegen oder Sicherheitsmaßnahmen zu umgehen. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich.
In IBM MQ Operator and Queue manager existieren mehrere Schwachstellen. Diese basieren auf Schwachstellen in mehreren Komponenten von RedHat Open Shift. Im Einzelnen sind dies: containerd, shadow-maint, shadow-utils, Golang Go, urllib3, procps-ng procps und das HTTP/2 Protokoll. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen, Informationen offenzulegen oder Sicherheitsmaßnahmen zu umgehen. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich.
In IBM MQ Operator and Queue manager existieren mehrere Schwachstellen. Diese basieren auf Schwachstellen in mehreren Komponenten von RedHat Open Shift. Im Einzelnen sind dies: containerd, shadow-maint, shadow-utils, Golang Go, urllib3, procps-ng procps und das HTTP/2 Protokoll. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen, Informationen offenzulegen oder Sicherheitsmaßnahmen zu umgehen. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich.
In IBM MQ Operator and Queue manager existieren mehrere Schwachstellen. Diese basieren auf Schwachstellen in mehreren Komponenten von RedHat Open Shift. Im Einzelnen sind dies: containerd, shadow-maint, shadow-utils, Golang Go, urllib3, procps-ng procps und das HTTP/2 Protokoll. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen, Informationen offenzulegen oder Sicherheitsmaßnahmen zu umgehen. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich.
In IBM MQ Operator and Queue manager existieren mehrere Schwachstellen. Diese basieren auf Schwachstellen in mehreren Komponenten von RedHat Open Shift. Im Einzelnen sind dies: containerd, shadow-maint, shadow-utils, Golang Go, urllib3, procps-ng procps und das HTTP/2 Protokoll. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen, Informationen offenzulegen oder Sicherheitsmaßnahmen zu umgehen. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich.
In IBM MQ Operator and Queue manager existieren mehrere Schwachstellen. Diese basieren auf Schwachstellen in mehreren Komponenten von RedHat Open Shift. Im Einzelnen sind dies: containerd, shadow-maint, shadow-utils, Golang Go, urllib3, procps-ng procps und das HTTP/2 Protokoll. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen, Informationen offenzulegen oder Sicherheitsmaßnahmen zu umgehen. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich.
In IBM MQ Operator and Queue manager existieren mehrere Schwachstellen. Diese basieren auf Schwachstellen in mehreren Komponenten von RedHat Open Shift. Im Einzelnen sind dies: containerd, shadow-maint, shadow-utils, Golang Go, urllib3, procps-ng procps und das HTTP/2 Protokoll. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen, Informationen offenzulegen oder Sicherheitsmaßnahmen zu umgehen. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich.
In IBM MQ Operator and Queue manager existieren mehrere Schwachstellen. Diese basieren auf Schwachstellen in mehreren Komponenten von RedHat Open Shift. Im Einzelnen sind dies: containerd, shadow-maint, shadow-utils, Golang Go, urllib3, procps-ng procps und das HTTP/2 Protokoll. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen, Informationen offenzulegen oder Sicherheitsmaßnahmen zu umgehen. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich.
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM MQ ist eine Message Oriented Middleware von IBM.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in IBM MQ Operator and Queue manager ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren, Informationen offenzulegen oder Sicherheitsma\u00dfnahmen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-3146 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-3146.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-3146 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-3146"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7096558 vom 2023-12-13",
"url": "https://www.ibm.com/support/pages/node/7096558"
}
],
"source_lang": "en-US",
"title": "IBM MQ Operator and Queue manager: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-12-13T23:00:00.000+00:00",
"generator": {
"date": "2024-08-15T18:02:48.819+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-3146",
"initial_release_date": "2023-12-13T23:00:00.000+00:00",
"revision_history": [
{
"date": "2023-12-13T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "IBM MQ Operator \u003c v3.0.0",
"product": {
"name": "IBM MQ Operator \u003c v3.0.0",
"product_id": "T031689",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:mq:operator__v3.0.0"
}
}
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-4641",
"notes": [
{
"category": "description",
"text": "In IBM MQ Operator and Queue manager existieren mehrere Schwachstellen. Diese basieren auf Schwachstellen in mehreren Komponenten von RedHat Open Shift. Im Einzelnen sind dies: containerd, shadow-maint, shadow-utils, Golang Go, urllib3, procps-ng procps und das HTTP/2 Protokoll. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen, Informationen offenzulegen oder Sicherheitsma\u00dfnahmen zu umgehen. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich."
}
],
"release_date": "2023-12-13T23:00:00.000+00:00",
"title": "CVE-2023-4641"
},
{
"cve": "CVE-2023-44487",
"notes": [
{
"category": "description",
"text": "In IBM MQ Operator and Queue manager existieren mehrere Schwachstellen. Diese basieren auf Schwachstellen in mehreren Komponenten von RedHat Open Shift. Im Einzelnen sind dies: containerd, shadow-maint, shadow-utils, Golang Go, urllib3, procps-ng procps und das HTTP/2 Protokoll. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen, Informationen offenzulegen oder Sicherheitsma\u00dfnahmen zu umgehen. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich."
}
],
"release_date": "2023-12-13T23:00:00.000+00:00",
"title": "CVE-2023-44487"
},
{
"cve": "CVE-2023-43804",
"notes": [
{
"category": "description",
"text": "In IBM MQ Operator and Queue manager existieren mehrere Schwachstellen. Diese basieren auf Schwachstellen in mehreren Komponenten von RedHat Open Shift. Im Einzelnen sind dies: containerd, shadow-maint, shadow-utils, Golang Go, urllib3, procps-ng procps und das HTTP/2 Protokoll. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen, Informationen offenzulegen oder Sicherheitsma\u00dfnahmen zu umgehen. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich."
}
],
"release_date": "2023-12-13T23:00:00.000+00:00",
"title": "CVE-2023-43804"
},
{
"cve": "CVE-2023-4016",
"notes": [
{
"category": "description",
"text": "In IBM MQ Operator and Queue manager existieren mehrere Schwachstellen. Diese basieren auf Schwachstellen in mehreren Komponenten von RedHat Open Shift. Im Einzelnen sind dies: containerd, shadow-maint, shadow-utils, Golang Go, urllib3, procps-ng procps und das HTTP/2 Protokoll. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen, Informationen offenzulegen oder Sicherheitsma\u00dfnahmen zu umgehen. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich."
}
],
"release_date": "2023-12-13T23:00:00.000+00:00",
"title": "CVE-2023-4016"
},
{
"cve": "CVE-2023-3978",
"notes": [
{
"category": "description",
"text": "In IBM MQ Operator and Queue manager existieren mehrere Schwachstellen. Diese basieren auf Schwachstellen in mehreren Komponenten von RedHat Open Shift. Im Einzelnen sind dies: containerd, shadow-maint, shadow-utils, Golang Go, urllib3, procps-ng procps und das HTTP/2 Protokoll. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen, Informationen offenzulegen oder Sicherheitsma\u00dfnahmen zu umgehen. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich."
}
],
"release_date": "2023-12-13T23:00:00.000+00:00",
"title": "CVE-2023-3978"
},
{
"cve": "CVE-2023-39325",
"notes": [
{
"category": "description",
"text": "In IBM MQ Operator and Queue manager existieren mehrere Schwachstellen. Diese basieren auf Schwachstellen in mehreren Komponenten von RedHat Open Shift. Im Einzelnen sind dies: containerd, shadow-maint, shadow-utils, Golang Go, urllib3, procps-ng procps und das HTTP/2 Protokoll. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen, Informationen offenzulegen oder Sicherheitsma\u00dfnahmen zu umgehen. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich."
}
],
"release_date": "2023-12-13T23:00:00.000+00:00",
"title": "CVE-2023-39325"
},
{
"cve": "CVE-2023-39319",
"notes": [
{
"category": "description",
"text": "In IBM MQ Operator and Queue manager existieren mehrere Schwachstellen. Diese basieren auf Schwachstellen in mehreren Komponenten von RedHat Open Shift. Im Einzelnen sind dies: containerd, shadow-maint, shadow-utils, Golang Go, urllib3, procps-ng procps und das HTTP/2 Protokoll. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen, Informationen offenzulegen oder Sicherheitsma\u00dfnahmen zu umgehen. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich."
}
],
"release_date": "2023-12-13T23:00:00.000+00:00",
"title": "CVE-2023-39319"
},
{
"cve": "CVE-2023-39318",
"notes": [
{
"category": "description",
"text": "In IBM MQ Operator and Queue manager existieren mehrere Schwachstellen. Diese basieren auf Schwachstellen in mehreren Komponenten von RedHat Open Shift. Im Einzelnen sind dies: containerd, shadow-maint, shadow-utils, Golang Go, urllib3, procps-ng procps und das HTTP/2 Protokoll. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen, Informationen offenzulegen oder Sicherheitsma\u00dfnahmen zu umgehen. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich."
}
],
"release_date": "2023-12-13T23:00:00.000+00:00",
"title": "CVE-2023-39318"
},
{
"cve": "CVE-2023-29409",
"notes": [
{
"category": "description",
"text": "In IBM MQ Operator and Queue manager existieren mehrere Schwachstellen. Diese basieren auf Schwachstellen in mehreren Komponenten von RedHat Open Shift. Im Einzelnen sind dies: containerd, shadow-maint, shadow-utils, Golang Go, urllib3, procps-ng procps und das HTTP/2 Protokoll. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen, Informationen offenzulegen oder Sicherheitsma\u00dfnahmen zu umgehen. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich."
}
],
"release_date": "2023-12-13T23:00:00.000+00:00",
"title": "CVE-2023-29409"
},
{
"cve": "CVE-2023-25173",
"notes": [
{
"category": "description",
"text": "In IBM MQ Operator and Queue manager existieren mehrere Schwachstellen. Diese basieren auf Schwachstellen in mehreren Komponenten von RedHat Open Shift. Im Einzelnen sind dies: containerd, shadow-maint, shadow-utils, Golang Go, urllib3, procps-ng procps und das HTTP/2 Protokoll. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen, Informationen offenzulegen oder Sicherheitsma\u00dfnahmen zu umgehen. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich."
}
],
"release_date": "2023-12-13T23:00:00.000+00:00",
"title": "CVE-2023-25173"
},
{
"cve": "CVE-2023-25153",
"notes": [
{
"category": "description",
"text": "In IBM MQ Operator and Queue manager existieren mehrere Schwachstellen. Diese basieren auf Schwachstellen in mehreren Komponenten von RedHat Open Shift. Im Einzelnen sind dies: containerd, shadow-maint, shadow-utils, Golang Go, urllib3, procps-ng procps und das HTTP/2 Protokoll. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen, Informationen offenzulegen oder Sicherheitsma\u00dfnahmen zu umgehen. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich."
}
],
"release_date": "2023-12-13T23:00:00.000+00:00",
"title": "CVE-2023-25153"
},
{
"cve": "CVE-2022-41723",
"notes": [
{
"category": "description",
"text": "In IBM MQ Operator and Queue manager existieren mehrere Schwachstellen. Diese basieren auf Schwachstellen in mehreren Komponenten von RedHat Open Shift. Im Einzelnen sind dies: containerd, shadow-maint, shadow-utils, Golang Go, urllib3, procps-ng procps und das HTTP/2 Protokoll. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen, Informationen offenzulegen oder Sicherheitsma\u00dfnahmen zu umgehen. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich."
}
],
"release_date": "2023-12-13T23:00:00.000+00:00",
"title": "CVE-2022-41723"
},
{
"cve": "CVE-2022-41717",
"notes": [
{
"category": "description",
"text": "In IBM MQ Operator and Queue manager existieren mehrere Schwachstellen. Diese basieren auf Schwachstellen in mehreren Komponenten von RedHat Open Shift. Im Einzelnen sind dies: containerd, shadow-maint, shadow-utils, Golang Go, urllib3, procps-ng procps und das HTTP/2 Protokoll. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen, Informationen offenzulegen oder Sicherheitsma\u00dfnahmen zu umgehen. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich."
}
],
"release_date": "2023-12-13T23:00:00.000+00:00",
"title": "CVE-2022-41717"
},
{
"cve": "CVE-2022-31030",
"notes": [
{
"category": "description",
"text": "In IBM MQ Operator and Queue manager existieren mehrere Schwachstellen. Diese basieren auf Schwachstellen in mehreren Komponenten von RedHat Open Shift. Im Einzelnen sind dies: containerd, shadow-maint, shadow-utils, Golang Go, urllib3, procps-ng procps und das HTTP/2 Protokoll. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen, Informationen offenzulegen oder Sicherheitsma\u00dfnahmen zu umgehen. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich."
}
],
"release_date": "2023-12-13T23:00:00.000+00:00",
"title": "CVE-2022-31030"
},
{
"cve": "CVE-2022-23471",
"notes": [
{
"category": "description",
"text": "In IBM MQ Operator and Queue manager existieren mehrere Schwachstellen. Diese basieren auf Schwachstellen in mehreren Komponenten von RedHat Open Shift. Im Einzelnen sind dies: containerd, shadow-maint, shadow-utils, Golang Go, urllib3, procps-ng procps und das HTTP/2 Protokoll. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen, Informationen offenzulegen oder Sicherheitsma\u00dfnahmen zu umgehen. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich."
}
],
"release_date": "2023-12-13T23:00:00.000+00:00",
"title": "CVE-2022-23471"
}
]
}
WID-SEC-W-2024-0025
Vulnerability from csaf_certbund - Published: 2024-01-08 23:00 - Updated: 2024-01-08 23:00Es bestehen mehrere Schwachstellen in der SAP-Software. Diese Fehler bestehen in mehreren Komponenten wie Business Application Studio, Application, Interface Framework, Web Dispatcher u.a. aufgrund mehrerer Sicherheitsprobleme wie Unzulässige Autorisierung oder URL-Umleitung. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern oder Phishing- und Cross-Site-Scripting (XSS)-Angriffe durchzuführen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Es bestehen mehrere Schwachstellen in der SAP-Software. Diese Fehler bestehen in mehreren Komponenten wie Business Application Studio, Application, Interface Framework, Web Dispatcher u.a. aufgrund mehrerer Sicherheitsprobleme wie Unzulässige Autorisierung oder URL-Umleitung. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern oder Phishing- und Cross-Site-Scripting (XSS)-Angriffe durchzuführen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Es bestehen mehrere Schwachstellen in der SAP-Software. Diese Fehler bestehen in mehreren Komponenten wie Business Application Studio, Application, Interface Framework, Web Dispatcher u.a. aufgrund mehrerer Sicherheitsprobleme wie Unzulässige Autorisierung oder URL-Umleitung. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern oder Phishing- und Cross-Site-Scripting (XSS)-Angriffe durchzuführen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Es bestehen mehrere Schwachstellen in der SAP-Software. Diese Fehler bestehen in mehreren Komponenten wie Business Application Studio, Application, Interface Framework, Web Dispatcher u.a. aufgrund mehrerer Sicherheitsprobleme wie Unzulässige Autorisierung oder URL-Umleitung. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern oder Phishing- und Cross-Site-Scripting (XSS)-Angriffe durchzuführen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Es bestehen mehrere Schwachstellen in der SAP-Software. Diese Fehler bestehen in mehreren Komponenten wie Business Application Studio, Application, Interface Framework, Web Dispatcher u.a. aufgrund mehrerer Sicherheitsprobleme wie Unzulässige Autorisierung oder URL-Umleitung. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern oder Phishing- und Cross-Site-Scripting (XSS)-Angriffe durchzuführen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Es bestehen mehrere Schwachstellen in der SAP-Software. Diese Fehler bestehen in mehreren Komponenten wie Business Application Studio, Application, Interface Framework, Web Dispatcher u.a. aufgrund mehrerer Sicherheitsprobleme wie Unzulässige Autorisierung oder URL-Umleitung. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern oder Phishing- und Cross-Site-Scripting (XSS)-Angriffe durchzuführen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Es bestehen mehrere Schwachstellen in der SAP-Software. Diese Fehler bestehen in mehreren Komponenten wie Business Application Studio, Application, Interface Framework, Web Dispatcher u.a. aufgrund mehrerer Sicherheitsprobleme wie Unzulässige Autorisierung oder URL-Umleitung. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern oder Phishing- und Cross-Site-Scripting (XSS)-Angriffe durchzuführen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Es bestehen mehrere Schwachstellen in der SAP-Software. Diese Fehler bestehen in mehreren Komponenten wie Business Application Studio, Application, Interface Framework, Web Dispatcher u.a. aufgrund mehrerer Sicherheitsprobleme wie Unzulässige Autorisierung oder URL-Umleitung. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern oder Phishing- und Cross-Site-Scripting (XSS)-Angriffe durchzuführen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Es bestehen mehrere Schwachstellen in der SAP-Software. Diese Fehler bestehen in mehreren Komponenten wie Business Application Studio, Application, Interface Framework, Web Dispatcher u.a. aufgrund mehrerer Sicherheitsprobleme wie Unzulässige Autorisierung oder URL-Umleitung. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern oder Phishing- und Cross-Site-Scripting (XSS)-Angriffe durchzuführen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Es bestehen mehrere Schwachstellen in der SAP-Software. Diese Fehler bestehen in mehreren Komponenten wie Business Application Studio, Application, Interface Framework, Web Dispatcher u.a. aufgrund mehrerer Sicherheitsprobleme wie Unzulässige Autorisierung oder URL-Umleitung. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern oder Phishing- und Cross-Site-Scripting (XSS)-Angriffe durchzuführen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Es bestehen mehrere Schwachstellen in der SAP-Software. Diese Fehler bestehen in mehreren Komponenten wie Business Application Studio, Application, Interface Framework, Web Dispatcher u.a. aufgrund mehrerer Sicherheitsprobleme wie Unzulässige Autorisierung oder URL-Umleitung. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern oder Phishing- und Cross-Site-Scripting (XSS)-Angriffe durchzuführen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Es bestehen mehrere Schwachstellen in der SAP-Software. Diese Fehler bestehen in mehreren Komponenten wie Business Application Studio, Application, Interface Framework, Web Dispatcher u.a. aufgrund mehrerer Sicherheitsprobleme wie Unzulässige Autorisierung oder URL-Umleitung. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern oder Phishing- und Cross-Site-Scripting (XSS)-Angriffe durchzuführen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Es bestehen mehrere Schwachstellen in der SAP-Software. Diese Fehler bestehen in mehreren Komponenten wie Business Application Studio, Application, Interface Framework, Web Dispatcher u.a. aufgrund mehrerer Sicherheitsprobleme wie Unzulässige Autorisierung oder URL-Umleitung. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern oder Phishing- und Cross-Site-Scripting (XSS)-Angriffe durchzuführen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "SAP stellt unternehmensweite L\u00f6sungen f\u00fcr Gesch\u00e4ftsprozesse wie Buchf\u00fchrung, Vertrieb, Einkauf und Lagerhaltung zur Verf\u00fcgung.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter Angreifer kann mehrere Schwachstellen in SAP-Software ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern oder Phishing- und Cross-Site-Scripting (XSS)-Angriffe durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-0025 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0025.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-0025 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0025"
},
{
"category": "external",
"summary": "SAP Patchday Januar 2024 vom 2024-01-08",
"url": "https://www.sap.com/docs/download/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.pdf"
}
],
"source_lang": "en-US",
"title": "SAP Patchday Januar 2024",
"tracking": {
"current_release_date": "2024-01-08T23:00:00.000+00:00",
"generator": {
"date": "2024-08-15T18:03:20.756+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2024-0025",
"initial_release_date": "2024-01-08T23:00:00.000+00:00",
"revision_history": [
{
"date": "2024-01-08T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "SAP Software",
"product": {
"name": "SAP Software",
"product_id": "T031901",
"product_identification_helper": {
"cpe": "cpe:/a:sap:sap:-"
}
}
}
],
"category": "vendor",
"name": "SAP"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-22125",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in der SAP-Software. Diese Fehler bestehen in mehreren Komponenten wie Business Application Studio, Application, Interface Framework, Web Dispatcher u.a. aufgrund mehrerer Sicherheitsprobleme wie Unzul\u00e4ssige Autorisierung oder URL-Umleitung. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern oder Phishing- und Cross-Site-Scripting (XSS)-Angriffe durchzuf\u00fchren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen."
}
],
"product_status": {
"known_affected": [
"T031901"
]
},
"release_date": "2024-01-08T23:00:00.000+00:00",
"title": "CVE-2024-22125"
},
{
"cve": "CVE-2024-22124",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in der SAP-Software. Diese Fehler bestehen in mehreren Komponenten wie Business Application Studio, Application, Interface Framework, Web Dispatcher u.a. aufgrund mehrerer Sicherheitsprobleme wie Unzul\u00e4ssige Autorisierung oder URL-Umleitung. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern oder Phishing- und Cross-Site-Scripting (XSS)-Angriffe durchzuf\u00fchren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen."
}
],
"product_status": {
"known_affected": [
"T031901"
]
},
"release_date": "2024-01-08T23:00:00.000+00:00",
"title": "CVE-2024-22124"
},
{
"cve": "CVE-2024-21738",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in der SAP-Software. Diese Fehler bestehen in mehreren Komponenten wie Business Application Studio, Application, Interface Framework, Web Dispatcher u.a. aufgrund mehrerer Sicherheitsprobleme wie Unzul\u00e4ssige Autorisierung oder URL-Umleitung. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern oder Phishing- und Cross-Site-Scripting (XSS)-Angriffe durchzuf\u00fchren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen."
}
],
"product_status": {
"known_affected": [
"T031901"
]
},
"release_date": "2024-01-08T23:00:00.000+00:00",
"title": "CVE-2024-21738"
},
{
"cve": "CVE-2024-21737",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in der SAP-Software. Diese Fehler bestehen in mehreren Komponenten wie Business Application Studio, Application, Interface Framework, Web Dispatcher u.a. aufgrund mehrerer Sicherheitsprobleme wie Unzul\u00e4ssige Autorisierung oder URL-Umleitung. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern oder Phishing- und Cross-Site-Scripting (XSS)-Angriffe durchzuf\u00fchren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen."
}
],
"product_status": {
"known_affected": [
"T031901"
]
},
"release_date": "2024-01-08T23:00:00.000+00:00",
"title": "CVE-2024-21737"
},
{
"cve": "CVE-2024-21736",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in der SAP-Software. Diese Fehler bestehen in mehreren Komponenten wie Business Application Studio, Application, Interface Framework, Web Dispatcher u.a. aufgrund mehrerer Sicherheitsprobleme wie Unzul\u00e4ssige Autorisierung oder URL-Umleitung. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern oder Phishing- und Cross-Site-Scripting (XSS)-Angriffe durchzuf\u00fchren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen."
}
],
"product_status": {
"known_affected": [
"T031901"
]
},
"release_date": "2024-01-08T23:00:00.000+00:00",
"title": "CVE-2024-21736"
},
{
"cve": "CVE-2024-21735",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in der SAP-Software. Diese Fehler bestehen in mehreren Komponenten wie Business Application Studio, Application, Interface Framework, Web Dispatcher u.a. aufgrund mehrerer Sicherheitsprobleme wie Unzul\u00e4ssige Autorisierung oder URL-Umleitung. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern oder Phishing- und Cross-Site-Scripting (XSS)-Angriffe durchzuf\u00fchren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen."
}
],
"product_status": {
"known_affected": [
"T031901"
]
},
"release_date": "2024-01-08T23:00:00.000+00:00",
"title": "CVE-2024-21735"
},
{
"cve": "CVE-2024-21734",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in der SAP-Software. Diese Fehler bestehen in mehreren Komponenten wie Business Application Studio, Application, Interface Framework, Web Dispatcher u.a. aufgrund mehrerer Sicherheitsprobleme wie Unzul\u00e4ssige Autorisierung oder URL-Umleitung. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern oder Phishing- und Cross-Site-Scripting (XSS)-Angriffe durchzuf\u00fchren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen."
}
],
"product_status": {
"known_affected": [
"T031901"
]
},
"release_date": "2024-01-08T23:00:00.000+00:00",
"title": "CVE-2024-21734"
},
{
"cve": "CVE-2023-50424",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in der SAP-Software. Diese Fehler bestehen in mehreren Komponenten wie Business Application Studio, Application, Interface Framework, Web Dispatcher u.a. aufgrund mehrerer Sicherheitsprobleme wie Unzul\u00e4ssige Autorisierung oder URL-Umleitung. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern oder Phishing- und Cross-Site-Scripting (XSS)-Angriffe durchzuf\u00fchren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen."
}
],
"product_status": {
"known_affected": [
"T031901"
]
},
"release_date": "2024-01-08T23:00:00.000+00:00",
"title": "CVE-2023-50424"
},
{
"cve": "CVE-2023-50423",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in der SAP-Software. Diese Fehler bestehen in mehreren Komponenten wie Business Application Studio, Application, Interface Framework, Web Dispatcher u.a. aufgrund mehrerer Sicherheitsprobleme wie Unzul\u00e4ssige Autorisierung oder URL-Umleitung. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern oder Phishing- und Cross-Site-Scripting (XSS)-Angriffe durchzuf\u00fchren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen."
}
],
"product_status": {
"known_affected": [
"T031901"
]
},
"release_date": "2024-01-08T23:00:00.000+00:00",
"title": "CVE-2023-50423"
},
{
"cve": "CVE-2023-50422",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in der SAP-Software. Diese Fehler bestehen in mehreren Komponenten wie Business Application Studio, Application, Interface Framework, Web Dispatcher u.a. aufgrund mehrerer Sicherheitsprobleme wie Unzul\u00e4ssige Autorisierung oder URL-Umleitung. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern oder Phishing- und Cross-Site-Scripting (XSS)-Angriffe durchzuf\u00fchren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen."
}
],
"product_status": {
"known_affected": [
"T031901"
]
},
"release_date": "2024-01-08T23:00:00.000+00:00",
"title": "CVE-2023-50422"
},
{
"cve": "CVE-2023-49583",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in der SAP-Software. Diese Fehler bestehen in mehreren Komponenten wie Business Application Studio, Application, Interface Framework, Web Dispatcher u.a. aufgrund mehrerer Sicherheitsprobleme wie Unzul\u00e4ssige Autorisierung oder URL-Umleitung. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern oder Phishing- und Cross-Site-Scripting (XSS)-Angriffe durchzuf\u00fchren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen."
}
],
"product_status": {
"known_affected": [
"T031901"
]
},
"release_date": "2024-01-08T23:00:00.000+00:00",
"title": "CVE-2023-49583"
},
{
"cve": "CVE-2023-44487",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in der SAP-Software. Diese Fehler bestehen in mehreren Komponenten wie Business Application Studio, Application, Interface Framework, Web Dispatcher u.a. aufgrund mehrerer Sicherheitsprobleme wie Unzul\u00e4ssige Autorisierung oder URL-Umleitung. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern oder Phishing- und Cross-Site-Scripting (XSS)-Angriffe durchzuf\u00fchren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen."
}
],
"product_status": {
"known_affected": [
"T031901"
]
},
"release_date": "2024-01-08T23:00:00.000+00:00",
"title": "CVE-2023-44487"
},
{
"cve": "CVE-2023-31405",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in der SAP-Software. Diese Fehler bestehen in mehreren Komponenten wie Business Application Studio, Application, Interface Framework, Web Dispatcher u.a. aufgrund mehrerer Sicherheitsprobleme wie Unzul\u00e4ssige Autorisierung oder URL-Umleitung. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern oder Phishing- und Cross-Site-Scripting (XSS)-Angriffe durchzuf\u00fchren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen."
}
],
"product_status": {
"known_affected": [
"T031901"
]
},
"release_date": "2024-01-08T23:00:00.000+00:00",
"title": "CVE-2023-31405"
}
]
}
WID-SEC-W-2024-0106
Vulnerability from csaf_certbund - Published: 2024-01-16 23:00 - Updated: 2024-01-16 23:00In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 23.3.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0.0.0
|
— | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
— | |
|
Oracle Communications 23.1.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.4
|
— | |
|
Oracle Communications 23.2.0.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0.0.2
|
— | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2.0.1
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2.0.1
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 23.3.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0.0.0
|
— | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
— | |
|
Oracle Communications 23.1.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.4
|
— | |
|
Oracle Communications 23.2.0.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0.0.2
|
— | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2.0.1
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2.0.1
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 23.3.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0.0.0
|
— | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
— | |
|
Oracle Communications 23.1.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.4
|
— | |
|
Oracle Communications 23.2.0.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0.0.2
|
— | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2.0.1
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2.0.1
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 23.3.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0.0.0
|
— | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
— | |
|
Oracle Communications 23.1.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.4
|
— | |
|
Oracle Communications 23.2.0.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0.0.2
|
— | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2.0.1
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2.0.1
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 23.3.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0.0.0
|
— | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
— | |
|
Oracle Communications 23.1.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.4
|
— | |
|
Oracle Communications 23.2.0.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0.0.2
|
— | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2.0.1
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2.0.1
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 23.3.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0.0.0
|
— | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
— | |
|
Oracle Communications 23.1.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.4
|
— | |
|
Oracle Communications 23.2.0.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0.0.2
|
— | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2.0.1
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2.0.1
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 23.3.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0.0.0
|
— | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
— | |
|
Oracle Communications 23.1.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.4
|
— | |
|
Oracle Communications 23.2.0.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0.0.2
|
— | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2.0.1
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2.0.1
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 23.3.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0.0.0
|
— | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
— | |
|
Oracle Communications 23.1.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.4
|
— | |
|
Oracle Communications 23.2.0.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0.0.2
|
— | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2.0.1
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2.0.1
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 23.3.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0.0.0
|
— | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
— | |
|
Oracle Communications 23.1.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.4
|
— | |
|
Oracle Communications 23.2.0.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0.0.2
|
— | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2.0.1
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2.0.1
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 23.3.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0.0.0
|
— | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
— | |
|
Oracle Communications 23.1.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.4
|
— | |
|
Oracle Communications 23.2.0.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0.0.2
|
— | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2.0.1
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2.0.1
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 23.3.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0.0.0
|
— | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
— | |
|
Oracle Communications 23.1.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.4
|
— | |
|
Oracle Communications 23.2.0.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0.0.2
|
— | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2.0.1
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2.0.1
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 23.3.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0.0.0
|
— | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
— | |
|
Oracle Communications 23.1.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.4
|
— | |
|
Oracle Communications 23.2.0.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0.0.2
|
— | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2.0.1
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2.0.1
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 23.3.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0.0.0
|
— | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
— | |
|
Oracle Communications 23.1.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.4
|
— | |
|
Oracle Communications 23.2.0.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0.0.2
|
— | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2.0.1
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2.0.1
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 23.3.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0.0.0
|
— | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
— | |
|
Oracle Communications 23.1.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.4
|
— | |
|
Oracle Communications 23.2.0.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0.0.2
|
— | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2.0.1
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2.0.1
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 23.3.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0.0.0
|
— | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
— | |
|
Oracle Communications 23.1.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.4
|
— | |
|
Oracle Communications 23.2.0.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0.0.2
|
— | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2.0.1
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2.0.1
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 23.3.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0.0.0
|
— | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
— | |
|
Oracle Communications 23.1.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.4
|
— | |
|
Oracle Communications 23.2.0.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0.0.2
|
— | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2.0.1
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2.0.1
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 23.3.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0.0.0
|
— | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
— | |
|
Oracle Communications 23.1.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.4
|
— | |
|
Oracle Communications 23.2.0.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0.0.2
|
— | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2.0.1
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2.0.1
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 23.3.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0.0.0
|
— | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
— | |
|
Oracle Communications 23.1.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.4
|
— | |
|
Oracle Communications 23.2.0.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0.0.2
|
— | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2.0.1
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2.0.1
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 23.3.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0.0.0
|
— | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
— | |
|
Oracle Communications 23.1.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.4
|
— | |
|
Oracle Communications 23.2.0.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0.0.2
|
— | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2.0.1
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2.0.1
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 23.3.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0.0.0
|
— | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
— | |
|
Oracle Communications 23.1.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.4
|
— | |
|
Oracle Communications 23.2.0.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0.0.2
|
— | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2.0.1
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2.0.1
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 23.3.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0.0.0
|
— | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
— | |
|
Oracle Communications 23.1.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.4
|
— | |
|
Oracle Communications 23.2.0.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0.0.2
|
— | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2.0.1
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2.0.1
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 23.3.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0.0.0
|
— | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
— | |
|
Oracle Communications 23.1.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.4
|
— | |
|
Oracle Communications 23.2.0.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0.0.2
|
— | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2.0.1
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2.0.1
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 23.3.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0.0.0
|
— | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
— | |
|
Oracle Communications 23.1.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.4
|
— | |
|
Oracle Communications 23.2.0.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0.0.2
|
— | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2.0.1
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2.0.1
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 23.3.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0.0.0
|
— | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
— | |
|
Oracle Communications 23.1.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.4
|
— | |
|
Oracle Communications 23.2.0.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0.0.2
|
— | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2.0.1
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2.0.1
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 23.3.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0.0.0
|
— | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
— | |
|
Oracle Communications 23.1.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.4
|
— | |
|
Oracle Communications 23.2.0.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0.0.2
|
— | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2.0.1
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2.0.1
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 23.3.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0.0.0
|
— | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
— | |
|
Oracle Communications 23.1.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.4
|
— | |
|
Oracle Communications 23.2.0.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0.0.2
|
— | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2.0.1
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2.0.1
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 23.3.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0.0.0
|
— | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
— | |
|
Oracle Communications 23.1.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.4
|
— | |
|
Oracle Communications 23.2.0.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0.0.2
|
— | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2.0.1
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2.0.1
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 23.3.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0.0.0
|
— | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
— | |
|
Oracle Communications 23.1.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.4
|
— | |
|
Oracle Communications 23.2.0.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0.0.2
|
— | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2.0.1
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2.0.1
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 23.3.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0.0.0
|
— | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
— | |
|
Oracle Communications 23.1.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.4
|
— | |
|
Oracle Communications 23.2.0.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0.0.2
|
— | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2.0.1
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2.0.1
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 23.3.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0.0.0
|
— | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
— | |
|
Oracle Communications 23.1.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.4
|
— | |
|
Oracle Communications 23.2.0.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0.0.2
|
— | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2.0.1
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2.0.1
|
— |
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Oracle Communications umfasst branchenspezifische L\u00f6sungen f\u00fcr die Telekommunikationsbranche.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Communications ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- Windows\n- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-0106 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0106.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-0106 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0106"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - January 2024 - Appendix Oracle Communications vom 2024-01-16",
"url": "https://www.oracle.com/security-alerts/cpujan2024.html#AppendixCGBU"
}
],
"source_lang": "en-US",
"title": "Oracle Communications: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-01-16T23:00:00.000+00:00",
"generator": {
"date": "2024-08-15T18:03:43.880+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2024-0106",
"initial_release_date": "2024-01-16T23:00:00.000+00:00",
"revision_history": [
{
"date": "2024-01-16T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Oracle Communications 5.0",
"product": {
"name": "Oracle Communications 5.0",
"product_id": "T021645",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:5.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications 8.6.0.0",
"product": {
"name": "Oracle Communications 8.6.0.0",
"product_id": "T024970",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:8.6.0.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications 23.1.0",
"product": {
"name": "Oracle Communications 23.1.0",
"product_id": "T027326",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:23.1.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications 12.6.1.0.0",
"product": {
"name": "Oracle Communications 12.6.1.0.0",
"product_id": "T027338",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:12.6.1.0.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications 23.2.0",
"product": {
"name": "Oracle Communications 23.2.0",
"product_id": "T028682",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:23.2.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications 5.1",
"product": {
"name": "Oracle Communications 5.1",
"product_id": "T028684",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:5.1"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications 23.1.3",
"product": {
"name": "Oracle Communications 23.1.3",
"product_id": "T030584",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:23.1.3"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications 23.2.1",
"product": {
"name": "Oracle Communications 23.2.1",
"product_id": "T030585",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:23.2.1"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications 23.3.0",
"product": {
"name": "Oracle Communications 23.3.0",
"product_id": "T030586",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:23.3.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications 9.0.0.0",
"product": {
"name": "Oracle Communications 9.0.0.0",
"product_id": "T030589",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:9.0.0.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications 23.3.1",
"product": {
"name": "Oracle Communications 23.3.1",
"product_id": "T032088",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:23.3.1"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications \u003c= 9.0.2.0.1",
"product": {
"name": "Oracle Communications \u003c= 9.0.2.0.1",
"product_id": "T032089",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:9.0.2.0.1"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications 15.0.0.0.0",
"product": {
"name": "Oracle Communications 15.0.0.0.0",
"product_id": "T032090",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:15.0.0.0.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications 23.4.0",
"product": {
"name": "Oracle Communications 23.4.0",
"product_id": "T032091",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:23.4.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications 23.1.4",
"product": {
"name": "Oracle Communications 23.1.4",
"product_id": "T032092",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:23.1.4"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications 23.2.0.0.2",
"product": {
"name": "Oracle Communications 23.2.0.0.2",
"product_id": "T032093",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:23.2.0.0.2"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications 23.3.0.0.0",
"product": {
"name": "Oracle Communications 23.3.0.0.0",
"product_id": "T032094",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:23.3.0.0.0"
}
}
}
],
"category": "product_name",
"name": "Communications"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-5072",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030584",
"T030586",
"T030589",
"T032094",
"T032088",
"T032092",
"T032093",
"T032090",
"T021645",
"T032091",
"T027326",
"T024970",
"T027338",
"T028684"
],
"last_affected": [
"T032089"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2023-5072"
},
{
"cve": "CVE-2023-50164",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030584",
"T030586",
"T030589",
"T032094",
"T032088",
"T032092",
"T032093",
"T032090",
"T021645",
"T032091",
"T027326",
"T024970",
"T027338",
"T028684"
],
"last_affected": [
"T032089"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2023-50164"
},
{
"cve": "CVE-2023-4911",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030584",
"T030586",
"T030589",
"T032094",
"T032088",
"T032092",
"T032093",
"T032090",
"T021645",
"T032091",
"T027326",
"T024970",
"T027338",
"T028684"
],
"last_affected": [
"T032089"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2023-4911"
},
{
"cve": "CVE-2023-46604",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030584",
"T030586",
"T030589",
"T032094",
"T032088",
"T032092",
"T032093",
"T032090",
"T021645",
"T032091",
"T027326",
"T024970",
"T027338",
"T028684"
],
"last_affected": [
"T032089"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2023-46604"
},
{
"cve": "CVE-2023-46589",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030584",
"T030586",
"T030589",
"T032094",
"T032088",
"T032092",
"T032093",
"T032090",
"T021645",
"T032091",
"T027326",
"T024970",
"T027338",
"T028684"
],
"last_affected": [
"T032089"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2023-46589"
},
{
"cve": "CVE-2023-45648",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030584",
"T030586",
"T030589",
"T032094",
"T032088",
"T032092",
"T032093",
"T032090",
"T021645",
"T032091",
"T027326",
"T024970",
"T027338",
"T028684"
],
"last_affected": [
"T032089"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2023-45648"
},
{
"cve": "CVE-2023-45145",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030584",
"T030586",
"T030589",
"T032094",
"T032088",
"T032092",
"T032093",
"T032090",
"T021645",
"T032091",
"T027326",
"T024970",
"T027338",
"T028684"
],
"last_affected": [
"T032089"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2023-45145"
},
{
"cve": "CVE-2023-44981",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030584",
"T030586",
"T030589",
"T032094",
"T032088",
"T032092",
"T032093",
"T032090",
"T021645",
"T032091",
"T027326",
"T024970",
"T027338",
"T028684"
],
"last_affected": [
"T032089"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2023-44981"
},
{
"cve": "CVE-2023-44487",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030584",
"T030586",
"T030589",
"T032094",
"T032088",
"T032092",
"T032093",
"T032090",
"T021645",
"T032091",
"T027326",
"T024970",
"T027338",
"T028684"
],
"last_affected": [
"T032089"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2023-44487"
},
{
"cve": "CVE-2023-44483",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030584",
"T030586",
"T030589",
"T032094",
"T032088",
"T032092",
"T032093",
"T032090",
"T021645",
"T032091",
"T027326",
"T024970",
"T027338",
"T028684"
],
"last_affected": [
"T032089"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2023-44483"
},
{
"cve": "CVE-2023-43496",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030584",
"T030586",
"T030589",
"T032094",
"T032088",
"T032092",
"T032093",
"T032090",
"T021645",
"T032091",
"T027326",
"T024970",
"T027338",
"T028684"
],
"last_affected": [
"T032089"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2023-43496"
},
{
"cve": "CVE-2023-41053",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030584",
"T030586",
"T030589",
"T032094",
"T032088",
"T032092",
"T032093",
"T032090",
"T021645",
"T032091",
"T027326",
"T024970",
"T027338",
"T028684"
],
"last_affected": [
"T032089"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2023-41053"
},
{
"cve": "CVE-2023-40167",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030584",
"T030586",
"T030589",
"T032094",
"T032088",
"T032092",
"T032093",
"T032090",
"T021645",
"T032091",
"T027326",
"T024970",
"T027338",
"T028684"
],
"last_affected": [
"T032089"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2023-40167"
},
{
"cve": "CVE-2023-38325",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030584",
"T030586",
"T030589",
"T032094",
"T032088",
"T032092",
"T032093",
"T032090",
"T021645",
"T032091",
"T027326",
"T024970",
"T027338",
"T028684"
],
"last_affected": [
"T032089"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2023-38325"
},
{
"cve": "CVE-2023-37536",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030584",
"T030586",
"T030589",
"T032094",
"T032088",
"T032092",
"T032093",
"T032090",
"T021645",
"T032091",
"T027326",
"T024970",
"T027338",
"T028684"
],
"last_affected": [
"T032089"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2023-37536"
},
{
"cve": "CVE-2023-36478",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030584",
"T030586",
"T030589",
"T032094",
"T032088",
"T032092",
"T032093",
"T032090",
"T021645",
"T032091",
"T027326",
"T024970",
"T027338",
"T028684"
],
"last_affected": [
"T032089"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2023-36478"
},
{
"cve": "CVE-2023-34055",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030584",
"T030586",
"T030589",
"T032094",
"T032088",
"T032092",
"T032093",
"T032090",
"T021645",
"T032091",
"T027326",
"T024970",
"T027338",
"T028684"
],
"last_affected": [
"T032089"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2023-34055"
},
{
"cve": "CVE-2023-34053",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030584",
"T030586",
"T030589",
"T032094",
"T032088",
"T032092",
"T032093",
"T032090",
"T021645",
"T032091",
"T027326",
"T024970",
"T027338",
"T028684"
],
"last_affected": [
"T032089"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2023-34053"
},
{
"cve": "CVE-2023-34034",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030584",
"T030586",
"T030589",
"T032094",
"T032088",
"T032092",
"T032093",
"T032090",
"T021645",
"T032091",
"T027326",
"T024970",
"T027338",
"T028684"
],
"last_affected": [
"T032089"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2023-34034"
},
{
"cve": "CVE-2023-33201",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030584",
"T030586",
"T030589",
"T032094",
"T032088",
"T032092",
"T032093",
"T032090",
"T021645",
"T032091",
"T027326",
"T024970",
"T027338",
"T028684"
],
"last_affected": [
"T032089"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2023-33201"
},
{
"cve": "CVE-2023-31582",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030584",
"T030586",
"T030589",
"T032094",
"T032088",
"T032092",
"T032093",
"T032090",
"T021645",
"T032091",
"T027326",
"T024970",
"T027338",
"T028684"
],
"last_affected": [
"T032089"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2023-31582"
},
{
"cve": "CVE-2023-31486",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030584",
"T030586",
"T030589",
"T032094",
"T032088",
"T032092",
"T032093",
"T032090",
"T021645",
"T032091",
"T027326",
"T024970",
"T027338",
"T028684"
],
"last_affected": [
"T032089"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2023-31486"
},
{
"cve": "CVE-2023-30861",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030584",
"T030586",
"T030589",
"T032094",
"T032088",
"T032092",
"T032093",
"T032090",
"T021645",
"T032091",
"T027326",
"T024970",
"T027338",
"T028684"
],
"last_affected": [
"T032089"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2023-30861"
},
{
"cve": "CVE-2023-2976",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030584",
"T030586",
"T030589",
"T032094",
"T032088",
"T032092",
"T032093",
"T032090",
"T021645",
"T032091",
"T027326",
"T024970",
"T027338",
"T028684"
],
"last_affected": [
"T032089"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2023-2976"
},
{
"cve": "CVE-2023-2283",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030584",
"T030586",
"T030589",
"T032094",
"T032088",
"T032092",
"T032093",
"T032090",
"T021645",
"T032091",
"T027326",
"T024970",
"T027338",
"T028684"
],
"last_affected": [
"T032089"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2023-2283"
},
{
"cve": "CVE-2023-22102",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030584",
"T030586",
"T030589",
"T032094",
"T032088",
"T032092",
"T032093",
"T032090",
"T021645",
"T032091",
"T027326",
"T024970",
"T027338",
"T028684"
],
"last_affected": [
"T032089"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2023-22102"
},
{
"cve": "CVE-2023-1108",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030584",
"T030586",
"T030589",
"T032094",
"T032088",
"T032092",
"T032093",
"T032090",
"T021645",
"T032091",
"T027326",
"T024970",
"T027338",
"T028684"
],
"last_affected": [
"T032089"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2023-1108"
},
{
"cve": "CVE-2022-48174",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030584",
"T030586",
"T030589",
"T032094",
"T032088",
"T032092",
"T032093",
"T032090",
"T021645",
"T032091",
"T027326",
"T024970",
"T027338",
"T028684"
],
"last_affected": [
"T032089"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2022-48174"
},
{
"cve": "CVE-2022-46751",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030584",
"T030586",
"T030589",
"T032094",
"T032088",
"T032092",
"T032093",
"T032090",
"T021645",
"T032091",
"T027326",
"T024970",
"T027338",
"T028684"
],
"last_affected": [
"T032089"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2022-46751"
},
{
"cve": "CVE-2021-46848",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030584",
"T030586",
"T030589",
"T032094",
"T032088",
"T032092",
"T032093",
"T032090",
"T021645",
"T032091",
"T027326",
"T024970",
"T027338",
"T028684"
],
"last_affected": [
"T032089"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2021-46848"
}
]
}
WID-SEC-W-2024-0107
Vulnerability from csaf_certbund - Published: 2024-01-16 23:00 - Updated: 2024-01-16 23:00In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.2
|
— | |
|
Oracle Communications Applications 6.3.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.3.1.0.0
|
— | |
|
Oracle Communications Applications 3.0.3.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3
|
— | |
|
Oracle Communications Applications 8.1.0.24.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.24.0
|
— | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
— | |
|
Oracle Communications Applications 15.0.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0.0
|
— | |
|
Oracle Communications Applications 7.4
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4
|
— | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
— | |
|
Oracle Communications Applications 6.0.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.1.0.0
|
— | |
|
Oracle Communications Applications 7.4.1.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1.5.0
|
— | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
— | |
|
Oracle Communications Applications 7.4.2.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2.8.0
|
— | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
— | |
|
Oracle Communications Applications 7.4.0.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0.7.0
|
— | |
|
Oracle Communications Applications 10.0.1.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:10.0.1.7.0
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <= 12.0.0.8
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8
|
— | |
|
Oracle Communications Applications <= 12.0.0.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8.0
|
— | |
|
Oracle Communications Applications <= 12.0.0.7
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.7
|
— | |
|
Oracle Communications Applications <= 12.0.6.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.6.0.0
|
— | |
|
Oracle Communications Applications <= 6.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.3
|
— | |
|
Oracle Communications Applications <= 5.5.19
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:5.5.19
|
— |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.2
|
— | |
|
Oracle Communications Applications 6.3.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.3.1.0.0
|
— | |
|
Oracle Communications Applications 3.0.3.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3
|
— | |
|
Oracle Communications Applications 8.1.0.24.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.24.0
|
— | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
— | |
|
Oracle Communications Applications 15.0.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0.0
|
— | |
|
Oracle Communications Applications 7.4
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4
|
— | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
— | |
|
Oracle Communications Applications 6.0.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.1.0.0
|
— | |
|
Oracle Communications Applications 7.4.1.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1.5.0
|
— | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
— | |
|
Oracle Communications Applications 7.4.2.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2.8.0
|
— | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
— | |
|
Oracle Communications Applications 7.4.0.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0.7.0
|
— | |
|
Oracle Communications Applications 10.0.1.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:10.0.1.7.0
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <= 12.0.0.8
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8
|
— | |
|
Oracle Communications Applications <= 12.0.0.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8.0
|
— | |
|
Oracle Communications Applications <= 12.0.0.7
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.7
|
— | |
|
Oracle Communications Applications <= 12.0.6.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.6.0.0
|
— | |
|
Oracle Communications Applications <= 6.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.3
|
— | |
|
Oracle Communications Applications <= 5.5.19
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:5.5.19
|
— |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.2
|
— | |
|
Oracle Communications Applications 6.3.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.3.1.0.0
|
— | |
|
Oracle Communications Applications 3.0.3.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3
|
— | |
|
Oracle Communications Applications 8.1.0.24.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.24.0
|
— | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
— | |
|
Oracle Communications Applications 15.0.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0.0
|
— | |
|
Oracle Communications Applications 7.4
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4
|
— | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
— | |
|
Oracle Communications Applications 6.0.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.1.0.0
|
— | |
|
Oracle Communications Applications 7.4.1.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1.5.0
|
— | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
— | |
|
Oracle Communications Applications 7.4.2.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2.8.0
|
— | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
— | |
|
Oracle Communications Applications 7.4.0.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0.7.0
|
— | |
|
Oracle Communications Applications 10.0.1.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:10.0.1.7.0
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <= 12.0.0.8
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8
|
— | |
|
Oracle Communications Applications <= 12.0.0.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8.0
|
— | |
|
Oracle Communications Applications <= 12.0.0.7
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.7
|
— | |
|
Oracle Communications Applications <= 12.0.6.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.6.0.0
|
— | |
|
Oracle Communications Applications <= 6.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.3
|
— | |
|
Oracle Communications Applications <= 5.5.19
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:5.5.19
|
— |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.2
|
— | |
|
Oracle Communications Applications 6.3.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.3.1.0.0
|
— | |
|
Oracle Communications Applications 3.0.3.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3
|
— | |
|
Oracle Communications Applications 8.1.0.24.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.24.0
|
— | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
— | |
|
Oracle Communications Applications 15.0.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0.0
|
— | |
|
Oracle Communications Applications 7.4
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4
|
— | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
— | |
|
Oracle Communications Applications 6.0.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.1.0.0
|
— | |
|
Oracle Communications Applications 7.4.1.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1.5.0
|
— | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
— | |
|
Oracle Communications Applications 7.4.2.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2.8.0
|
— | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
— | |
|
Oracle Communications Applications 7.4.0.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0.7.0
|
— | |
|
Oracle Communications Applications 10.0.1.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:10.0.1.7.0
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <= 12.0.0.8
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8
|
— | |
|
Oracle Communications Applications <= 12.0.0.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8.0
|
— | |
|
Oracle Communications Applications <= 12.0.0.7
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.7
|
— | |
|
Oracle Communications Applications <= 12.0.6.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.6.0.0
|
— | |
|
Oracle Communications Applications <= 6.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.3
|
— | |
|
Oracle Communications Applications <= 5.5.19
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:5.5.19
|
— |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.2
|
— | |
|
Oracle Communications Applications 6.3.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.3.1.0.0
|
— | |
|
Oracle Communications Applications 3.0.3.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3
|
— | |
|
Oracle Communications Applications 8.1.0.24.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.24.0
|
— | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
— | |
|
Oracle Communications Applications 15.0.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0.0
|
— | |
|
Oracle Communications Applications 7.4
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4
|
— | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
— | |
|
Oracle Communications Applications 6.0.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.1.0.0
|
— | |
|
Oracle Communications Applications 7.4.1.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1.5.0
|
— | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
— | |
|
Oracle Communications Applications 7.4.2.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2.8.0
|
— | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
— | |
|
Oracle Communications Applications 7.4.0.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0.7.0
|
— | |
|
Oracle Communications Applications 10.0.1.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:10.0.1.7.0
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <= 12.0.0.8
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8
|
— | |
|
Oracle Communications Applications <= 12.0.0.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8.0
|
— | |
|
Oracle Communications Applications <= 12.0.0.7
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.7
|
— | |
|
Oracle Communications Applications <= 12.0.6.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.6.0.0
|
— | |
|
Oracle Communications Applications <= 6.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.3
|
— | |
|
Oracle Communications Applications <= 5.5.19
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:5.5.19
|
— |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.2
|
— | |
|
Oracle Communications Applications 6.3.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.3.1.0.0
|
— | |
|
Oracle Communications Applications 3.0.3.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3
|
— | |
|
Oracle Communications Applications 8.1.0.24.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.24.0
|
— | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
— | |
|
Oracle Communications Applications 15.0.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0.0
|
— | |
|
Oracle Communications Applications 7.4
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4
|
— | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
— | |
|
Oracle Communications Applications 6.0.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.1.0.0
|
— | |
|
Oracle Communications Applications 7.4.1.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1.5.0
|
— | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
— | |
|
Oracle Communications Applications 7.4.2.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2.8.0
|
— | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
— | |
|
Oracle Communications Applications 7.4.0.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0.7.0
|
— | |
|
Oracle Communications Applications 10.0.1.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:10.0.1.7.0
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <= 12.0.0.8
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8
|
— | |
|
Oracle Communications Applications <= 12.0.0.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8.0
|
— | |
|
Oracle Communications Applications <= 12.0.0.7
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.7
|
— | |
|
Oracle Communications Applications <= 12.0.6.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.6.0.0
|
— | |
|
Oracle Communications Applications <= 6.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.3
|
— | |
|
Oracle Communications Applications <= 5.5.19
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:5.5.19
|
— |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.2
|
— | |
|
Oracle Communications Applications 6.3.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.3.1.0.0
|
— | |
|
Oracle Communications Applications 3.0.3.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3
|
— | |
|
Oracle Communications Applications 8.1.0.24.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.24.0
|
— | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
— | |
|
Oracle Communications Applications 15.0.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0.0
|
— | |
|
Oracle Communications Applications 7.4
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4
|
— | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
— | |
|
Oracle Communications Applications 6.0.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.1.0.0
|
— | |
|
Oracle Communications Applications 7.4.1.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1.5.0
|
— | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
— | |
|
Oracle Communications Applications 7.4.2.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2.8.0
|
— | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
— | |
|
Oracle Communications Applications 7.4.0.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0.7.0
|
— | |
|
Oracle Communications Applications 10.0.1.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:10.0.1.7.0
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <= 12.0.0.8
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8
|
— | |
|
Oracle Communications Applications <= 12.0.0.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8.0
|
— | |
|
Oracle Communications Applications <= 12.0.0.7
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.7
|
— | |
|
Oracle Communications Applications <= 12.0.6.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.6.0.0
|
— | |
|
Oracle Communications Applications <= 6.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.3
|
— | |
|
Oracle Communications Applications <= 5.5.19
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:5.5.19
|
— |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.2
|
— | |
|
Oracle Communications Applications 6.3.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.3.1.0.0
|
— | |
|
Oracle Communications Applications 3.0.3.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3
|
— | |
|
Oracle Communications Applications 8.1.0.24.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.24.0
|
— | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
— | |
|
Oracle Communications Applications 15.0.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0.0
|
— | |
|
Oracle Communications Applications 7.4
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4
|
— | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
— | |
|
Oracle Communications Applications 6.0.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.1.0.0
|
— | |
|
Oracle Communications Applications 7.4.1.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1.5.0
|
— | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
— | |
|
Oracle Communications Applications 7.4.2.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2.8.0
|
— | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
— | |
|
Oracle Communications Applications 7.4.0.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0.7.0
|
— | |
|
Oracle Communications Applications 10.0.1.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:10.0.1.7.0
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <= 12.0.0.8
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8
|
— | |
|
Oracle Communications Applications <= 12.0.0.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8.0
|
— | |
|
Oracle Communications Applications <= 12.0.0.7
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.7
|
— | |
|
Oracle Communications Applications <= 12.0.6.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.6.0.0
|
— | |
|
Oracle Communications Applications <= 6.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.3
|
— | |
|
Oracle Communications Applications <= 5.5.19
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:5.5.19
|
— |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.2
|
— | |
|
Oracle Communications Applications 6.3.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.3.1.0.0
|
— | |
|
Oracle Communications Applications 3.0.3.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3
|
— | |
|
Oracle Communications Applications 8.1.0.24.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.24.0
|
— | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
— | |
|
Oracle Communications Applications 15.0.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0.0
|
— | |
|
Oracle Communications Applications 7.4
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4
|
— | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
— | |
|
Oracle Communications Applications 6.0.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.1.0.0
|
— | |
|
Oracle Communications Applications 7.4.1.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1.5.0
|
— | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
— | |
|
Oracle Communications Applications 7.4.2.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2.8.0
|
— | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
— | |
|
Oracle Communications Applications 7.4.0.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0.7.0
|
— | |
|
Oracle Communications Applications 10.0.1.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:10.0.1.7.0
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <= 12.0.0.8
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8
|
— | |
|
Oracle Communications Applications <= 12.0.0.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8.0
|
— | |
|
Oracle Communications Applications <= 12.0.0.7
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.7
|
— | |
|
Oracle Communications Applications <= 12.0.6.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.6.0.0
|
— | |
|
Oracle Communications Applications <= 6.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.3
|
— | |
|
Oracle Communications Applications <= 5.5.19
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:5.5.19
|
— |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.2
|
— | |
|
Oracle Communications Applications 6.3.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.3.1.0.0
|
— | |
|
Oracle Communications Applications 3.0.3.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3
|
— | |
|
Oracle Communications Applications 8.1.0.24.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.24.0
|
— | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
— | |
|
Oracle Communications Applications 15.0.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0.0
|
— | |
|
Oracle Communications Applications 7.4
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4
|
— | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
— | |
|
Oracle Communications Applications 6.0.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.1.0.0
|
— | |
|
Oracle Communications Applications 7.4.1.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1.5.0
|
— | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
— | |
|
Oracle Communications Applications 7.4.2.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2.8.0
|
— | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
— | |
|
Oracle Communications Applications 7.4.0.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0.7.0
|
— | |
|
Oracle Communications Applications 10.0.1.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:10.0.1.7.0
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <= 12.0.0.8
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8
|
— | |
|
Oracle Communications Applications <= 12.0.0.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8.0
|
— | |
|
Oracle Communications Applications <= 12.0.0.7
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.7
|
— | |
|
Oracle Communications Applications <= 12.0.6.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.6.0.0
|
— | |
|
Oracle Communications Applications <= 6.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.3
|
— | |
|
Oracle Communications Applications <= 5.5.19
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:5.5.19
|
— |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.2
|
— | |
|
Oracle Communications Applications 6.3.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.3.1.0.0
|
— | |
|
Oracle Communications Applications 3.0.3.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3
|
— | |
|
Oracle Communications Applications 8.1.0.24.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.24.0
|
— | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
— | |
|
Oracle Communications Applications 15.0.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0.0
|
— | |
|
Oracle Communications Applications 7.4
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4
|
— | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
— | |
|
Oracle Communications Applications 6.0.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.1.0.0
|
— | |
|
Oracle Communications Applications 7.4.1.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1.5.0
|
— | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
— | |
|
Oracle Communications Applications 7.4.2.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2.8.0
|
— | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
— | |
|
Oracle Communications Applications 7.4.0.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0.7.0
|
— | |
|
Oracle Communications Applications 10.0.1.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:10.0.1.7.0
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <= 12.0.0.8
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8
|
— | |
|
Oracle Communications Applications <= 12.0.0.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8.0
|
— | |
|
Oracle Communications Applications <= 12.0.0.7
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.7
|
— | |
|
Oracle Communications Applications <= 12.0.6.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.6.0.0
|
— | |
|
Oracle Communications Applications <= 6.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.3
|
— | |
|
Oracle Communications Applications <= 5.5.19
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:5.5.19
|
— |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.2
|
— | |
|
Oracle Communications Applications 6.3.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.3.1.0.0
|
— | |
|
Oracle Communications Applications 3.0.3.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3
|
— | |
|
Oracle Communications Applications 8.1.0.24.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.24.0
|
— | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
— | |
|
Oracle Communications Applications 15.0.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0.0
|
— | |
|
Oracle Communications Applications 7.4
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4
|
— | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
— | |
|
Oracle Communications Applications 6.0.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.1.0.0
|
— | |
|
Oracle Communications Applications 7.4.1.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1.5.0
|
— | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
— | |
|
Oracle Communications Applications 7.4.2.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2.8.0
|
— | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
— | |
|
Oracle Communications Applications 7.4.0.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0.7.0
|
— | |
|
Oracle Communications Applications 10.0.1.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:10.0.1.7.0
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <= 12.0.0.8
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8
|
— | |
|
Oracle Communications Applications <= 12.0.0.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8.0
|
— | |
|
Oracle Communications Applications <= 12.0.0.7
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.7
|
— | |
|
Oracle Communications Applications <= 12.0.6.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.6.0.0
|
— | |
|
Oracle Communications Applications <= 6.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.3
|
— | |
|
Oracle Communications Applications <= 5.5.19
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:5.5.19
|
— |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.2
|
— | |
|
Oracle Communications Applications 6.3.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.3.1.0.0
|
— | |
|
Oracle Communications Applications 3.0.3.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3
|
— | |
|
Oracle Communications Applications 8.1.0.24.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.24.0
|
— | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
— | |
|
Oracle Communications Applications 15.0.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0.0
|
— | |
|
Oracle Communications Applications 7.4
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4
|
— | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
— | |
|
Oracle Communications Applications 6.0.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.1.0.0
|
— | |
|
Oracle Communications Applications 7.4.1.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1.5.0
|
— | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
— | |
|
Oracle Communications Applications 7.4.2.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2.8.0
|
— | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
— | |
|
Oracle Communications Applications 7.4.0.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0.7.0
|
— | |
|
Oracle Communications Applications 10.0.1.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:10.0.1.7.0
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <= 12.0.0.8
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8
|
— | |
|
Oracle Communications Applications <= 12.0.0.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8.0
|
— | |
|
Oracle Communications Applications <= 12.0.0.7
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.7
|
— | |
|
Oracle Communications Applications <= 12.0.6.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.6.0.0
|
— | |
|
Oracle Communications Applications <= 6.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.3
|
— | |
|
Oracle Communications Applications <= 5.5.19
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:5.5.19
|
— |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.2
|
— | |
|
Oracle Communications Applications 6.3.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.3.1.0.0
|
— | |
|
Oracle Communications Applications 3.0.3.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3
|
— | |
|
Oracle Communications Applications 8.1.0.24.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.24.0
|
— | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
— | |
|
Oracle Communications Applications 15.0.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0.0
|
— | |
|
Oracle Communications Applications 7.4
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4
|
— | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
— | |
|
Oracle Communications Applications 6.0.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.1.0.0
|
— | |
|
Oracle Communications Applications 7.4.1.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1.5.0
|
— | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
— | |
|
Oracle Communications Applications 7.4.2.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2.8.0
|
— | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
— | |
|
Oracle Communications Applications 7.4.0.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0.7.0
|
— | |
|
Oracle Communications Applications 10.0.1.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:10.0.1.7.0
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <= 12.0.0.8
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8
|
— | |
|
Oracle Communications Applications <= 12.0.0.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8.0
|
— | |
|
Oracle Communications Applications <= 12.0.0.7
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.7
|
— | |
|
Oracle Communications Applications <= 12.0.6.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.6.0.0
|
— | |
|
Oracle Communications Applications <= 6.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.3
|
— | |
|
Oracle Communications Applications <= 5.5.19
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:5.5.19
|
— |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.2
|
— | |
|
Oracle Communications Applications 6.3.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.3.1.0.0
|
— | |
|
Oracle Communications Applications 3.0.3.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3
|
— | |
|
Oracle Communications Applications 8.1.0.24.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.24.0
|
— | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
— | |
|
Oracle Communications Applications 15.0.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0.0
|
— | |
|
Oracle Communications Applications 7.4
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4
|
— | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
— | |
|
Oracle Communications Applications 6.0.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.1.0.0
|
— | |
|
Oracle Communications Applications 7.4.1.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1.5.0
|
— | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
— | |
|
Oracle Communications Applications 7.4.2.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2.8.0
|
— | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
— | |
|
Oracle Communications Applications 7.4.0.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0.7.0
|
— | |
|
Oracle Communications Applications 10.0.1.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:10.0.1.7.0
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <= 12.0.0.8
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8
|
— | |
|
Oracle Communications Applications <= 12.0.0.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8.0
|
— | |
|
Oracle Communications Applications <= 12.0.0.7
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.7
|
— | |
|
Oracle Communications Applications <= 12.0.6.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.6.0.0
|
— | |
|
Oracle Communications Applications <= 6.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.3
|
— | |
|
Oracle Communications Applications <= 5.5.19
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:5.5.19
|
— |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.2
|
— | |
|
Oracle Communications Applications 6.3.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.3.1.0.0
|
— | |
|
Oracle Communications Applications 3.0.3.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3
|
— | |
|
Oracle Communications Applications 8.1.0.24.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.24.0
|
— | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
— | |
|
Oracle Communications Applications 15.0.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0.0
|
— | |
|
Oracle Communications Applications 7.4
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4
|
— | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
— | |
|
Oracle Communications Applications 6.0.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.1.0.0
|
— | |
|
Oracle Communications Applications 7.4.1.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1.5.0
|
— | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
— | |
|
Oracle Communications Applications 7.4.2.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2.8.0
|
— | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
— | |
|
Oracle Communications Applications 7.4.0.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0.7.0
|
— | |
|
Oracle Communications Applications 10.0.1.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:10.0.1.7.0
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <= 12.0.0.8
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8
|
— | |
|
Oracle Communications Applications <= 12.0.0.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8.0
|
— | |
|
Oracle Communications Applications <= 12.0.0.7
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.7
|
— | |
|
Oracle Communications Applications <= 12.0.6.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.6.0.0
|
— | |
|
Oracle Communications Applications <= 6.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.3
|
— | |
|
Oracle Communications Applications <= 5.5.19
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:5.5.19
|
— |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.2
|
— | |
|
Oracle Communications Applications 6.3.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.3.1.0.0
|
— | |
|
Oracle Communications Applications 3.0.3.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3
|
— | |
|
Oracle Communications Applications 8.1.0.24.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.24.0
|
— | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
— | |
|
Oracle Communications Applications 15.0.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0.0
|
— | |
|
Oracle Communications Applications 7.4
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4
|
— | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
— | |
|
Oracle Communications Applications 6.0.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.1.0.0
|
— | |
|
Oracle Communications Applications 7.4.1.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1.5.0
|
— | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
— | |
|
Oracle Communications Applications 7.4.2.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2.8.0
|
— | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
— | |
|
Oracle Communications Applications 7.4.0.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0.7.0
|
— | |
|
Oracle Communications Applications 10.0.1.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:10.0.1.7.0
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <= 12.0.0.8
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8
|
— | |
|
Oracle Communications Applications <= 12.0.0.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8.0
|
— | |
|
Oracle Communications Applications <= 12.0.0.7
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.7
|
— | |
|
Oracle Communications Applications <= 12.0.6.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.6.0.0
|
— | |
|
Oracle Communications Applications <= 6.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.3
|
— | |
|
Oracle Communications Applications <= 5.5.19
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:5.5.19
|
— |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.2
|
— | |
|
Oracle Communications Applications 6.3.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.3.1.0.0
|
— | |
|
Oracle Communications Applications 3.0.3.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3
|
— | |
|
Oracle Communications Applications 8.1.0.24.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.24.0
|
— | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
— | |
|
Oracle Communications Applications 15.0.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0.0
|
— | |
|
Oracle Communications Applications 7.4
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4
|
— | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
— | |
|
Oracle Communications Applications 6.0.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.1.0.0
|
— | |
|
Oracle Communications Applications 7.4.1.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1.5.0
|
— | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
— | |
|
Oracle Communications Applications 7.4.2.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2.8.0
|
— | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
— | |
|
Oracle Communications Applications 7.4.0.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0.7.0
|
— | |
|
Oracle Communications Applications 10.0.1.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:10.0.1.7.0
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <= 12.0.0.8
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8
|
— | |
|
Oracle Communications Applications <= 12.0.0.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8.0
|
— | |
|
Oracle Communications Applications <= 12.0.0.7
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.7
|
— | |
|
Oracle Communications Applications <= 12.0.6.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.6.0.0
|
— | |
|
Oracle Communications Applications <= 6.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.3
|
— | |
|
Oracle Communications Applications <= 5.5.19
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:5.5.19
|
— |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.2
|
— | |
|
Oracle Communications Applications 6.3.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.3.1.0.0
|
— | |
|
Oracle Communications Applications 3.0.3.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3
|
— | |
|
Oracle Communications Applications 8.1.0.24.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.24.0
|
— | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
— | |
|
Oracle Communications Applications 15.0.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0.0
|
— | |
|
Oracle Communications Applications 7.4
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4
|
— | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
— | |
|
Oracle Communications Applications 6.0.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.1.0.0
|
— | |
|
Oracle Communications Applications 7.4.1.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1.5.0
|
— | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
— | |
|
Oracle Communications Applications 7.4.2.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2.8.0
|
— | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
— | |
|
Oracle Communications Applications 7.4.0.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0.7.0
|
— | |
|
Oracle Communications Applications 10.0.1.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:10.0.1.7.0
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <= 12.0.0.8
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8
|
— | |
|
Oracle Communications Applications <= 12.0.0.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8.0
|
— | |
|
Oracle Communications Applications <= 12.0.0.7
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.7
|
— | |
|
Oracle Communications Applications <= 12.0.6.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.6.0.0
|
— | |
|
Oracle Communications Applications <= 6.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.3
|
— | |
|
Oracle Communications Applications <= 5.5.19
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:5.5.19
|
— |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.2
|
— | |
|
Oracle Communications Applications 6.3.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.3.1.0.0
|
— | |
|
Oracle Communications Applications 3.0.3.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3
|
— | |
|
Oracle Communications Applications 8.1.0.24.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.24.0
|
— | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
— | |
|
Oracle Communications Applications 15.0.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0.0
|
— | |
|
Oracle Communications Applications 7.4
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4
|
— | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
— | |
|
Oracle Communications Applications 6.0.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.1.0.0
|
— | |
|
Oracle Communications Applications 7.4.1.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1.5.0
|
— | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
— | |
|
Oracle Communications Applications 7.4.2.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2.8.0
|
— | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
— | |
|
Oracle Communications Applications 7.4.0.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0.7.0
|
— | |
|
Oracle Communications Applications 10.0.1.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:10.0.1.7.0
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <= 12.0.0.8
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8
|
— | |
|
Oracle Communications Applications <= 12.0.0.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8.0
|
— | |
|
Oracle Communications Applications <= 12.0.0.7
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.7
|
— | |
|
Oracle Communications Applications <= 12.0.6.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.6.0.0
|
— | |
|
Oracle Communications Applications <= 6.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.3
|
— | |
|
Oracle Communications Applications <= 5.5.19
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:5.5.19
|
— |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.2
|
— | |
|
Oracle Communications Applications 6.3.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.3.1.0.0
|
— | |
|
Oracle Communications Applications 3.0.3.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3
|
— | |
|
Oracle Communications Applications 8.1.0.24.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.24.0
|
— | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
— | |
|
Oracle Communications Applications 15.0.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0.0
|
— | |
|
Oracle Communications Applications 7.4
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4
|
— | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
— | |
|
Oracle Communications Applications 6.0.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.1.0.0
|
— | |
|
Oracle Communications Applications 7.4.1.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1.5.0
|
— | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
— | |
|
Oracle Communications Applications 7.4.2.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2.8.0
|
— | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
— | |
|
Oracle Communications Applications 7.4.0.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0.7.0
|
— | |
|
Oracle Communications Applications 10.0.1.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:10.0.1.7.0
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <= 12.0.0.8
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8
|
— | |
|
Oracle Communications Applications <= 12.0.0.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8.0
|
— | |
|
Oracle Communications Applications <= 12.0.0.7
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.7
|
— | |
|
Oracle Communications Applications <= 12.0.6.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.6.0.0
|
— | |
|
Oracle Communications Applications <= 6.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.3
|
— | |
|
Oracle Communications Applications <= 5.5.19
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:5.5.19
|
— |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.2
|
— | |
|
Oracle Communications Applications 6.3.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.3.1.0.0
|
— | |
|
Oracle Communications Applications 3.0.3.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3
|
— | |
|
Oracle Communications Applications 8.1.0.24.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.24.0
|
— | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
— | |
|
Oracle Communications Applications 15.0.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0.0
|
— | |
|
Oracle Communications Applications 7.4
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4
|
— | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
— | |
|
Oracle Communications Applications 6.0.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.1.0.0
|
— | |
|
Oracle Communications Applications 7.4.1.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1.5.0
|
— | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
— | |
|
Oracle Communications Applications 7.4.2.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2.8.0
|
— | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
— | |
|
Oracle Communications Applications 7.4.0.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0.7.0
|
— | |
|
Oracle Communications Applications 10.0.1.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:10.0.1.7.0
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <= 12.0.0.8
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8
|
— | |
|
Oracle Communications Applications <= 12.0.0.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8.0
|
— | |
|
Oracle Communications Applications <= 12.0.0.7
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.7
|
— | |
|
Oracle Communications Applications <= 12.0.6.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.6.0.0
|
— | |
|
Oracle Communications Applications <= 6.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.3
|
— | |
|
Oracle Communications Applications <= 5.5.19
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:5.5.19
|
— |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.2
|
— | |
|
Oracle Communications Applications 6.3.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.3.1.0.0
|
— | |
|
Oracle Communications Applications 3.0.3.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3
|
— | |
|
Oracle Communications Applications 8.1.0.24.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.24.0
|
— | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
— | |
|
Oracle Communications Applications 15.0.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0.0
|
— | |
|
Oracle Communications Applications 7.4
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4
|
— | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
— | |
|
Oracle Communications Applications 6.0.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.1.0.0
|
— | |
|
Oracle Communications Applications 7.4.1.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1.5.0
|
— | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
— | |
|
Oracle Communications Applications 7.4.2.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2.8.0
|
— | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
— | |
|
Oracle Communications Applications 7.4.0.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0.7.0
|
— | |
|
Oracle Communications Applications 10.0.1.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:10.0.1.7.0
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <= 12.0.0.8
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8
|
— | |
|
Oracle Communications Applications <= 12.0.0.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8.0
|
— | |
|
Oracle Communications Applications <= 12.0.0.7
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.7
|
— | |
|
Oracle Communications Applications <= 12.0.6.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.6.0.0
|
— | |
|
Oracle Communications Applications <= 6.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.3
|
— | |
|
Oracle Communications Applications <= 5.5.19
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:5.5.19
|
— |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.2
|
— | |
|
Oracle Communications Applications 6.3.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.3.1.0.0
|
— | |
|
Oracle Communications Applications 3.0.3.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3
|
— | |
|
Oracle Communications Applications 8.1.0.24.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.24.0
|
— | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
— | |
|
Oracle Communications Applications 15.0.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0.0
|
— | |
|
Oracle Communications Applications 7.4
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4
|
— | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
— | |
|
Oracle Communications Applications 6.0.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.1.0.0
|
— | |
|
Oracle Communications Applications 7.4.1.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1.5.0
|
— | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
— | |
|
Oracle Communications Applications 7.4.2.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2.8.0
|
— | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
— | |
|
Oracle Communications Applications 7.4.0.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0.7.0
|
— | |
|
Oracle Communications Applications 10.0.1.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:10.0.1.7.0
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <= 12.0.0.8
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8
|
— | |
|
Oracle Communications Applications <= 12.0.0.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8.0
|
— | |
|
Oracle Communications Applications <= 12.0.0.7
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.7
|
— | |
|
Oracle Communications Applications <= 12.0.6.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.6.0.0
|
— | |
|
Oracle Communications Applications <= 6.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.3
|
— | |
|
Oracle Communications Applications <= 5.5.19
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:5.5.19
|
— |
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Communications Applications umfasst eine Sammlung von Werkzeugen zur Verwaltung von Messaging-, Kommunikationsdiensten und -ressourcen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Communications Applications ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-0107 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0107.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-0107 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0107"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - January 2024 - Appendix Oracle Communications Applications vom 2024-01-16",
"url": "https://www.oracle.com/security-alerts/cpujan2024.html#AppendixCAGBU"
}
],
"source_lang": "en-US",
"title": "Oracle Communications Applications: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-01-16T23:00:00.000+00:00",
"generator": {
"date": "2024-08-15T18:03:44.309+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2024-0107",
"initial_release_date": "2024-01-16T23:00:00.000+00:00",
"revision_history": [
{
"date": "2024-01-16T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Oracle Communications Applications 7.4.0",
"product": {
"name": "Oracle Communications Applications 7.4.0",
"product_id": "T018938",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications_applications:7.4.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications Applications 7.4.1",
"product": {
"name": "Oracle Communications Applications 7.4.1",
"product_id": "T018939",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications_applications:7.4.1"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications Applications 7.4.2",
"product": {
"name": "Oracle Communications Applications 7.4.2",
"product_id": "T018940",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications_applications:7.4.2"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications Applications 6.0.1.0.0",
"product": {
"name": "Oracle Communications Applications 6.0.1.0.0",
"product_id": "T021634",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications_applications:6.0.1.0.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications Applications 7.5.0",
"product": {
"name": "Oracle Communications Applications 7.5.0",
"product_id": "T021639",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications_applications:7.5.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications Applications 7.4",
"product": {
"name": "Oracle Communications Applications 7.4",
"product_id": "T022811",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications_applications:7.4"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications Applications \u003c= 12.0.6.0.0",
"product": {
"name": "Oracle Communications Applications \u003c= 12.0.6.0.0",
"product_id": "T027325",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications_applications:12.0.6.0.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications Applications \u003c= 12.0.0.8.0",
"product": {
"name": "Oracle Communications Applications \u003c= 12.0.0.8.0",
"product_id": "T028669",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications_applications:12.0.0.8.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications Applications 3.0.3.2",
"product": {
"name": "Oracle Communications Applications 3.0.3.2",
"product_id": "T028670",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications_applications:3.0.3.2"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications Applications 10.0.1.7.0",
"product": {
"name": "Oracle Communications Applications 10.0.1.7.0",
"product_id": "T028674",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications_applications:10.0.1.7.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications Applications 7.4.0.7.0",
"product": {
"name": "Oracle Communications Applications 7.4.0.7.0",
"product_id": "T028676",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications_applications:7.4.0.7.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications Applications 7.4.1.5.0",
"product": {
"name": "Oracle Communications Applications 7.4.1.5.0",
"product_id": "T028677",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications_applications:7.4.1.5.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications Applications 7.4.2.8.0",
"product": {
"name": "Oracle Communications Applications 7.4.2.8.0",
"product_id": "T028678",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications_applications:7.4.2.8.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications Applications 6.3.1.0.0",
"product": {
"name": "Oracle Communications Applications 6.3.1.0.0",
"product_id": "T030578",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications_applications:6.3.1.0.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications Applications \u003c= 12.0.0.8",
"product": {
"name": "Oracle Communications Applications \u003c= 12.0.0.8",
"product_id": "T030579",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications_applications:12.0.0.8"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications Applications \u003c= 6.0.3",
"product": {
"name": "Oracle Communications Applications \u003c= 6.0.3",
"product_id": "T030581",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications_applications:6.0.3"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications Applications \u003c= 12.0.0.7",
"product": {
"name": "Oracle Communications Applications \u003c= 12.0.0.7",
"product_id": "T032083",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications_applications:12.0.0.7"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications Applications 15.0.0.0.0",
"product": {
"name": "Oracle Communications Applications 15.0.0.0.0",
"product_id": "T032084",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications_applications:15.0.0.0.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications Applications 3.0.3.3",
"product": {
"name": "Oracle Communications Applications 3.0.3.3",
"product_id": "T032085",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications_applications:3.0.3.3"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications Applications 8.1.0.24.0",
"product": {
"name": "Oracle Communications Applications 8.1.0.24.0",
"product_id": "T032086",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications_applications:8.1.0.24.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications Applications \u003c= 5.5.19",
"product": {
"name": "Oracle Communications Applications \u003c= 5.5.19",
"product_id": "T032087",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications_applications:5.5.19"
}
}
}
],
"category": "product_name",
"name": "Communications Applications"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-5072",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028670",
"T030578",
"T032085",
"T032086",
"T021639",
"T032084",
"T022811",
"T018940",
"T021634",
"T028677",
"T018938",
"T028678",
"T018939",
"T028676",
"T028674"
],
"last_affected": [
"T030579",
"T028669",
"T032083",
"T027325",
"T030581",
"T032087"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2023-5072"
},
{
"cve": "CVE-2023-45648",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028670",
"T030578",
"T032085",
"T032086",
"T021639",
"T032084",
"T022811",
"T018940",
"T021634",
"T028677",
"T018938",
"T028678",
"T018939",
"T028676",
"T028674"
],
"last_affected": [
"T030579",
"T028669",
"T032083",
"T027325",
"T030581",
"T032087"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2023-45648"
},
{
"cve": "CVE-2023-44981",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028670",
"T030578",
"T032085",
"T032086",
"T021639",
"T032084",
"T022811",
"T018940",
"T021634",
"T028677",
"T018938",
"T028678",
"T018939",
"T028676",
"T028674"
],
"last_affected": [
"T030579",
"T028669",
"T032083",
"T027325",
"T030581",
"T032087"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2023-44981"
},
{
"cve": "CVE-2023-44487",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028670",
"T030578",
"T032085",
"T032086",
"T021639",
"T032084",
"T022811",
"T018940",
"T021634",
"T028677",
"T018938",
"T028678",
"T018939",
"T028676",
"T028674"
],
"last_affected": [
"T030579",
"T028669",
"T032083",
"T027325",
"T030581",
"T032087"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2023-44487"
},
{
"cve": "CVE-2023-44483",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028670",
"T030578",
"T032085",
"T032086",
"T021639",
"T032084",
"T022811",
"T018940",
"T021634",
"T028677",
"T018938",
"T028678",
"T018939",
"T028676",
"T028674"
],
"last_affected": [
"T030579",
"T028669",
"T032083",
"T027325",
"T030581",
"T032087"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2023-44483"
},
{
"cve": "CVE-2023-42794",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028670",
"T030578",
"T032085",
"T032086",
"T021639",
"T032084",
"T022811",
"T018940",
"T021634",
"T028677",
"T018938",
"T028678",
"T018939",
"T028676",
"T028674"
],
"last_affected": [
"T030579",
"T028669",
"T032083",
"T027325",
"T030581",
"T032087"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2023-42794"
},
{
"cve": "CVE-2023-42503",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028670",
"T030578",
"T032085",
"T032086",
"T021639",
"T032084",
"T022811",
"T018940",
"T021634",
"T028677",
"T018938",
"T028678",
"T018939",
"T028676",
"T028674"
],
"last_affected": [
"T030579",
"T028669",
"T032083",
"T027325",
"T030581",
"T032087"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2023-42503"
},
{
"cve": "CVE-2023-37536",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028670",
"T030578",
"T032085",
"T032086",
"T021639",
"T032084",
"T022811",
"T018940",
"T021634",
"T028677",
"T018938",
"T028678",
"T018939",
"T028676",
"T028674"
],
"last_affected": [
"T030579",
"T028669",
"T032083",
"T027325",
"T030581",
"T032087"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2023-37536"
},
{
"cve": "CVE-2023-34981",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028670",
"T030578",
"T032085",
"T032086",
"T021639",
"T032084",
"T022811",
"T018940",
"T021634",
"T028677",
"T018938",
"T028678",
"T018939",
"T028676",
"T028674"
],
"last_affected": [
"T030579",
"T028669",
"T032083",
"T027325",
"T030581",
"T032087"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2023-34981"
},
{
"cve": "CVE-2023-34034",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028670",
"T030578",
"T032085",
"T032086",
"T021639",
"T032084",
"T022811",
"T018940",
"T021634",
"T028677",
"T018938",
"T028678",
"T018939",
"T028676",
"T028674"
],
"last_affected": [
"T030579",
"T028669",
"T032083",
"T027325",
"T030581",
"T032087"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2023-34034"
},
{
"cve": "CVE-2023-33201",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028670",
"T030578",
"T032085",
"T032086",
"T021639",
"T032084",
"T022811",
"T018940",
"T021634",
"T028677",
"T018938",
"T028678",
"T018939",
"T028676",
"T028674"
],
"last_affected": [
"T030579",
"T028669",
"T032083",
"T027325",
"T030581",
"T032087"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2023-33201"
},
{
"cve": "CVE-2023-31122",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028670",
"T030578",
"T032085",
"T032086",
"T021639",
"T032084",
"T022811",
"T018940",
"T021634",
"T028677",
"T018938",
"T028678",
"T018939",
"T028676",
"T028674"
],
"last_affected": [
"T030579",
"T028669",
"T032083",
"T027325",
"T030581",
"T032087"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2023-31122"
},
{
"cve": "CVE-2023-2976",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028670",
"T030578",
"T032085",
"T032086",
"T021639",
"T032084",
"T022811",
"T018940",
"T021634",
"T028677",
"T018938",
"T028678",
"T018939",
"T028676",
"T028674"
],
"last_affected": [
"T030579",
"T028669",
"T032083",
"T027325",
"T030581",
"T032087"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2023-2976"
},
{
"cve": "CVE-2023-28823",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028670",
"T030578",
"T032085",
"T032086",
"T021639",
"T032084",
"T022811",
"T018940",
"T021634",
"T028677",
"T018938",
"T028678",
"T018939",
"T028676",
"T028674"
],
"last_affected": [
"T030579",
"T028669",
"T032083",
"T027325",
"T030581",
"T032087"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2023-28823"
},
{
"cve": "CVE-2023-25194",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028670",
"T030578",
"T032085",
"T032086",
"T021639",
"T032084",
"T022811",
"T018940",
"T021634",
"T028677",
"T018938",
"T028678",
"T018939",
"T028676",
"T028674"
],
"last_affected": [
"T030579",
"T028669",
"T032083",
"T027325",
"T030581",
"T032087"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2023-25194"
},
{
"cve": "CVE-2023-20883",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028670",
"T030578",
"T032085",
"T032086",
"T021639",
"T032084",
"T022811",
"T018940",
"T021634",
"T028677",
"T018938",
"T028678",
"T018939",
"T028676",
"T028674"
],
"last_affected": [
"T030579",
"T028669",
"T032083",
"T027325",
"T030581",
"T032087"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2023-20883"
},
{
"cve": "CVE-2022-45868",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028670",
"T030578",
"T032085",
"T032086",
"T021639",
"T032084",
"T022811",
"T018940",
"T021634",
"T028677",
"T018938",
"T028678",
"T018939",
"T028676",
"T028674"
],
"last_affected": [
"T030579",
"T028669",
"T032083",
"T027325",
"T030581",
"T032087"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2022-45868"
},
{
"cve": "CVE-2022-42920",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028670",
"T030578",
"T032085",
"T032086",
"T021639",
"T032084",
"T022811",
"T018940",
"T021634",
"T028677",
"T018938",
"T028678",
"T018939",
"T028676",
"T028674"
],
"last_affected": [
"T030579",
"T028669",
"T032083",
"T027325",
"T030581",
"T032087"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2022-42920"
},
{
"cve": "CVE-2022-36944",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028670",
"T030578",
"T032085",
"T032086",
"T021639",
"T032084",
"T022811",
"T018940",
"T021634",
"T028677",
"T018938",
"T028678",
"T018939",
"T028676",
"T028674"
],
"last_affected": [
"T030579",
"T028669",
"T032083",
"T027325",
"T030581",
"T032087"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2022-36944"
},
{
"cve": "CVE-2022-31160",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028670",
"T030578",
"T032085",
"T032086",
"T021639",
"T032084",
"T022811",
"T018940",
"T021634",
"T028677",
"T018938",
"T028678",
"T018939",
"T028676",
"T028674"
],
"last_affected": [
"T030579",
"T028669",
"T032083",
"T027325",
"T030581",
"T032087"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2022-31160"
},
{
"cve": "CVE-2022-31147",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028670",
"T030578",
"T032085",
"T032086",
"T021639",
"T032084",
"T022811",
"T018940",
"T021634",
"T028677",
"T018938",
"T028678",
"T018939",
"T028676",
"T028674"
],
"last_affected": [
"T030579",
"T028669",
"T032083",
"T027325",
"T030581",
"T032087"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2022-31147"
},
{
"cve": "CVE-2022-1471",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028670",
"T030578",
"T032085",
"T032086",
"T021639",
"T032084",
"T022811",
"T018940",
"T021634",
"T028677",
"T018938",
"T028678",
"T018939",
"T028676",
"T028674"
],
"last_affected": [
"T030579",
"T028669",
"T032083",
"T027325",
"T030581",
"T032087"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2022-1471"
},
{
"cve": "CVE-2021-4104",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028670",
"T030578",
"T032085",
"T032086",
"T021639",
"T032084",
"T022811",
"T018940",
"T021634",
"T028677",
"T018938",
"T028678",
"T018939",
"T028676",
"T028674"
],
"last_affected": [
"T030579",
"T028669",
"T032083",
"T027325",
"T030581",
"T032087"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2021-4104"
},
{
"cve": "CVE-2021-37533",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028670",
"T030578",
"T032085",
"T032086",
"T021639",
"T032084",
"T022811",
"T018940",
"T021634",
"T028677",
"T018938",
"T028678",
"T018939",
"T028676",
"T028674"
],
"last_affected": [
"T030579",
"T028669",
"T032083",
"T027325",
"T030581",
"T032087"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2021-37533"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.