Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-3772 (GCVE-0-2024-3772)
Vulnerability from cvelistv5 – Published: 2024-04-15 01:42 – Updated: 2025-02-13 17:53
VLAI
EPSS
Title
Regular expression denial of service in Pydantic < 2.4.0
Summary
Regular expression denial of service in Pydanic < 2.4.0, < 1.10.13 allows remote attackers to cause denial of service via a crafted email string.
Severity
5.9 (Medium)
CWE
- CWE-1333 - Inefficient Regular Expression Complexity
Assigner
References
Impacted products
Credits
Sajeeb Lohani
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:pydantic_project:pydantic:1.0:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pydantic",
"vendor": "pydantic_project",
"versions": [
{
"lessThan": "1.10.13",
"status": "affected",
"version": "1.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:pydantic_project:pydantic:2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pydantic",
"vendor": "pydantic_project",
"versions": [
{
"status": "affected",
"version": "2.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3772",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-22T19:52:22.735887Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-24T15:29:03.754Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:20:01.828Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pydantic/pydantic/pull/7360"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JBZLMSH4GAZOVBMT2JUO2LXHY7M2ALI/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Pydantic",
"repo": "https://github.com/pydantic/pydantic",
"vendor": "Pydantic",
"versions": [
{
"lessThan": "2.4.0",
"status": "affected",
"version": "2.0",
"versionType": "semver"
},
{
"lessThan": "1.10.13",
"status": "affected",
"version": "1.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Sajeeb Lohani"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Regular expression denial of service in Pydanic \u0026lt; 2.4.0, \u0026lt; 1.10.13 allows remote attackers to cause denial of service via a crafted email string.\u003cbr\u003e"
}
],
"value": "Regular expression denial of service in Pydanic \u003c 2.4.0, \u003c 1.10.13 allows remote attackers to cause denial of service via a crafted email string."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Denial of Service"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1333",
"description": "CWE-1333 Inefficient Regular Expression Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-26T02:05:56.157Z",
"orgId": "430a6cef-dc26-47e3-9fa8-52fb7f19644e",
"shortName": "directcyber"
},
"references": [
{
"url": "https://github.com/pydantic/pydantic/pull/7360"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JBZLMSH4GAZOVBMT2JUO2LXHY7M2ALI/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Regular expression denial of service in Pydantic \u003c 2.4.0",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "430a6cef-dc26-47e3-9fa8-52fb7f19644e",
"assignerShortName": "directcyber",
"cveId": "CVE-2024-3772",
"datePublished": "2024-04-15T01:42:07.888Z",
"dateReserved": "2024-04-15T01:23:15.783Z",
"dateUpdated": "2025-02-13T17:53:00.106Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-3772",
"date": "2026-05-29",
"epss": "0.0028",
"percentile": "0.51632"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-3772\",\"sourceIdentifier\":\"430a6cef-dc26-47e3-9fa8-52fb7f19644e\",\"published\":\"2024-04-15T03:16:07.987\",\"lastModified\":\"2025-12-09T18:26:27.817\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Regular expression denial of service in Pydanic \u003c 2.4.0, \u003c 1.10.13 allows remote attackers to cause denial of service via a crafted email string.\"},{\"lang\":\"es\",\"value\":\"La denegaci\u00f3n de servicio de expresi\u00f3n regular en Pydanic \u0026lt; 2.4.0, \u0026lt; 1.10.13 permite a atacantes remotos provocar denegaci\u00f3n de servicio a trav\u00e9s de una cadena de correo electr\u00f3nico manipulada.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"430a6cef-dc26-47e3-9fa8-52fb7f19644e\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"430a6cef-dc26-47e3-9fa8-52fb7f19644e\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1333\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pydantic:pydantic:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.10.13\",\"matchCriteriaId\":\"ACBEEF19-DE3B-4435-9F93-DD9382A6A594\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pydantic:pydantic:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0\",\"versionEndExcluding\":\"2.4.0\",\"matchCriteriaId\":\"A362CB47-987D-48D0-B033-D5EC8400C16B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"}]}]}],\"references\":[{\"url\":\"https://github.com/pydantic/pydantic/pull/7360\",\"source\":\"430a6cef-dc26-47e3-9fa8-52fb7f19644e\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JBZLMSH4GAZOVBMT2JUO2LXHY7M2ALI/\",\"source\":\"430a6cef-dc26-47e3-9fa8-52fb7f19644e\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/pydantic/pydantic/pull/7360\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JBZLMSH4GAZOVBMT2JUO2LXHY7M2ALI/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/pydantic/pydantic/pull/7360\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JBZLMSH4GAZOVBMT2JUO2LXHY7M2ALI/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T20:20:01.828Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-3772\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-04-22T19:52:22.735887Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:pydantic_project:pydantic:1.0:-:*:*:*:*:*:*\"], \"vendor\": \"pydantic_project\", \"product\": \"pydantic\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"lessThan\": \"1.10.13\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:pydantic_project:pydantic:2.0:*:*:*:*:*:*:*\"], \"vendor\": \"pydantic_project\", \"product\": \"pydantic\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.0\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-04-22T19:47:21.026Z\"}}], \"cna\": {\"title\": \"Regular expression denial of service in Pydantic \u003c 2.4.0\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Sajeeb Lohani\"}], \"impacts\": [{\"descriptions\": [{\"lang\": \"en\", \"value\": \"Denial of Service\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.9, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://github.com/pydantic/pydantic\", \"vendor\": \"Pydantic\", \"product\": \"Pydantic\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.0\", \"lessThan\": \"2.4.0\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"1.0\", \"lessThan\": \"1.10.13\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://github.com/pydantic/pydantic/pull/7360\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JBZLMSH4GAZOVBMT2JUO2LXHY7M2ALI/\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Regular expression denial of service in Pydanic \u003c 2.4.0, \u003c 1.10.13 allows remote attackers to cause denial of service via a crafted email string.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Regular expression denial of service in Pydanic \u0026lt; 2.4.0, \u0026lt; 1.10.13 allows remote attackers to cause denial of service via a crafted email string.\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1333\", \"description\": \"CWE-1333 Inefficient Regular Expression Complexity\"}]}], \"providerMetadata\": {\"orgId\": \"430a6cef-dc26-47e3-9fa8-52fb7f19644e\", \"shortName\": \"directcyber\", \"dateUpdated\": \"2024-04-26T02:05:56.157Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-3772\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-13T17:53:00.106Z\", \"dateReserved\": \"2024-04-15T01:23:15.783Z\", \"assignerOrgId\": \"430a6cef-dc26-47e3-9fa8-52fb7f19644e\", \"datePublished\": \"2024-04-15T01:42:07.888Z\", \"assignerShortName\": \"directcyber\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
WID-SEC-W-2024-0932
Vulnerability from csaf_certbund - Published: 2024-04-18 22:00 - Updated: 2024-12-03 23:00Summary
IBM App Connect Enterprise: Schwachstelle ermöglicht Denial of Service
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: IBM App Connect Enterprise kombiniert die branchenbewährten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.
Angriff: Ein entfernter, anonymer Angreifer kann eine Schwachstelle in IBM App Connect Enterprise ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme: - Linux
Es besteht eine Schwachstelle in IBM App Connect Enterprise. Dieser Fehler besteht in der Komponente Pydantic aufgrund einer unsachgemäßen Eingabevalidierung. Durch Senden einer speziell gestalteten E-Mail-Zeichenfolge kann ein entfernter, anonymer Angreifer eine Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise LTS <5.0.14
IBM / App Connect Enterprise
|
LTS <5.0.14 | ||
|
IBM App Connect Enterprise <11.2.0
IBM / App Connect Enterprise
|
<11.2.0 |
References
7 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM App Connect Enterprise kombiniert die branchenbew\u00e4hrten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in IBM App Connect Enterprise ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-0932 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0932.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-0932 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0932"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2024-04-18",
"url": "https://www.ibm.com/support/pages/node/7148623"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7159329 vom 2024-07-01",
"url": "https://www.ibm.com/support/pages/node/7159329"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7177814 vom 2024-12-04",
"url": "https://www.ibm.com/support/pages/node/7177814"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7177816 vom 2024-12-04",
"url": "https://www.ibm.com/support/pages/node/7177816"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7177817 vom 2024-12-04",
"url": "https://www.ibm.com/support/pages/node/7177817"
}
],
"source_lang": "en-US",
"title": "IBM App Connect Enterprise: Schwachstelle erm\u00f6glicht Denial of Service",
"tracking": {
"current_release_date": "2024-12-03T23:00:00.000+00:00",
"generator": {
"date": "2024-12-04T13:21:14.326+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.10"
}
},
"id": "WID-SEC-W-2024-0932",
"initial_release_date": "2024-04-18T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-04-18T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-07-01T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-11-11T23:00:00.000+00:00",
"number": "3",
"summary": "Pr\u00fcfung Produkteintragung"
},
{
"date": "2024-12-03T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c11.2.0",
"product": {
"name": "IBM App Connect Enterprise \u003c11.2.0",
"product_id": "T034321"
}
},
{
"category": "product_version",
"name": "11.2.0",
"product": {
"name": "IBM App Connect Enterprise 11.2.0",
"product_id": "T034321-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:11.2.0"
}
}
},
{
"category": "product_version_range",
"name": "LTS \u003c5.0.14",
"product": {
"name": "IBM App Connect Enterprise LTS \u003c5.0.14",
"product_id": "T034324"
}
},
{
"category": "product_version",
"name": "LTS 5.0.14",
"product": {
"name": "IBM App Connect Enterprise LTS 5.0.14",
"product_id": "T034324-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:lts__5.0.14"
}
}
}
],
"category": "product_name",
"name": "App Connect Enterprise"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-3772",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in IBM App Connect Enterprise. Dieser Fehler besteht in der Komponente Pydantic aufgrund einer unsachgem\u00e4\u00dfen Eingabevalidierung. Durch Senden einer speziell gestalteten E-Mail-Zeichenfolge kann ein entfernter, anonymer Angreifer eine Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen."
}
],
"product_status": {
"known_affected": [
"T034324",
"T034321"
]
},
"release_date": "2024-04-18T22:00:00.000+00:00",
"title": "CVE-2024-3772"
}
]
}
WID-SEC-W-2024-1328
Vulnerability from csaf_certbund - Published: 2024-06-10 22:00 - Updated: 2025-10-19 22:00Summary
Red Hat Ansible Automation Platform: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Red Hat Ansible Automation Platform ist eine End-to-End-Automatisierungsplattform für die Systemkonfiguration, die Softwarebereitstellung und die Orchestrierung erweiterter Workflows.
Angriff: Ein Angreifer kann mehrere Schwachstellen in Red Hat Ansible Automation Platform ausnutzen, um beliebigen Programmcode auszuführen, einen Denial-of-Service-Zustand erzeugen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen, Dateien zu manipulieren oder Cross-Site-Scripting (XSS)-Angriffe durchzuführen.
Betroffene Betriebssysteme: - Sonstiges
- UNIX
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Ansible Automation Platform <2.4
Red Hat / Ansible Automation Platform
|
<2.4 | ||
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Red Hat Satellite 6.15
Red Hat / Satellite
|
cpe:/a:redhat:satellite:6.15
|
6.15 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux Update Infrastructure 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:update_infrastructure_4
|
Update Infrastructure 4 | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Ansible Automation Platform <2.4
Red Hat / Ansible Automation Platform
|
<2.4 | ||
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Red Hat Satellite 6.15
Red Hat / Satellite
|
cpe:/a:redhat:satellite:6.15
|
6.15 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux Update Infrastructure 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:update_infrastructure_4
|
Update Infrastructure 4 | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Ansible Automation Platform <2.4
Red Hat / Ansible Automation Platform
|
<2.4 | ||
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Red Hat Satellite 6.15
Red Hat / Satellite
|
cpe:/a:redhat:satellite:6.15
|
6.15 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux Update Infrastructure 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:update_infrastructure_4
|
Update Infrastructure 4 | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Ansible Automation Platform <2.4
Red Hat / Ansible Automation Platform
|
<2.4 | ||
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Red Hat Satellite 6.15
Red Hat / Satellite
|
cpe:/a:redhat:satellite:6.15
|
6.15 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux Update Infrastructure 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:update_infrastructure_4
|
Update Infrastructure 4 | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Ansible Automation Platform <2.4
Red Hat / Ansible Automation Platform
|
<2.4 | ||
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Red Hat Satellite 6.15
Red Hat / Satellite
|
cpe:/a:redhat:satellite:6.15
|
6.15 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux Update Infrastructure 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:update_infrastructure_4
|
Update Infrastructure 4 | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Ansible Automation Platform <2.4
Red Hat / Ansible Automation Platform
|
<2.4 | ||
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Red Hat Satellite 6.15
Red Hat / Satellite
|
cpe:/a:redhat:satellite:6.15
|
6.15 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux Update Infrastructure 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:update_infrastructure_4
|
Update Infrastructure 4 | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Ansible Automation Platform <2.4
Red Hat / Ansible Automation Platform
|
<2.4 | ||
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Red Hat Satellite 6.15
Red Hat / Satellite
|
cpe:/a:redhat:satellite:6.15
|
6.15 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux Update Infrastructure 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:update_infrastructure_4
|
Update Infrastructure 4 | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Ansible Automation Platform <2.4
Red Hat / Ansible Automation Platform
|
<2.4 | ||
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Red Hat Satellite 6.15
Red Hat / Satellite
|
cpe:/a:redhat:satellite:6.15
|
6.15 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux Update Infrastructure 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:update_infrastructure_4
|
Update Infrastructure 4 | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Ansible Automation Platform <2.4
Red Hat / Ansible Automation Platform
|
<2.4 | ||
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Red Hat Satellite 6.15
Red Hat / Satellite
|
cpe:/a:redhat:satellite:6.15
|
6.15 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux Update Infrastructure 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:update_infrastructure_4
|
Update Infrastructure 4 | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Ansible Automation Platform <2.4
Red Hat / Ansible Automation Platform
|
<2.4 | ||
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Red Hat Satellite 6.15
Red Hat / Satellite
|
cpe:/a:redhat:satellite:6.15
|
6.15 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux Update Infrastructure 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:update_infrastructure_4
|
Update Infrastructure 4 | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Ansible Automation Platform <2.4
Red Hat / Ansible Automation Platform
|
<2.4 | ||
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Red Hat Satellite 6.15
Red Hat / Satellite
|
cpe:/a:redhat:satellite:6.15
|
6.15 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux Update Infrastructure 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:update_infrastructure_4
|
Update Infrastructure 4 | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Ansible Automation Platform <2.4
Red Hat / Ansible Automation Platform
|
<2.4 | ||
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Red Hat Satellite 6.15
Red Hat / Satellite
|
cpe:/a:redhat:satellite:6.15
|
6.15 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux Update Infrastructure 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:update_infrastructure_4
|
Update Infrastructure 4 | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Ansible Automation Platform <2.4
Red Hat / Ansible Automation Platform
|
<2.4 | ||
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Red Hat Satellite 6.15
Red Hat / Satellite
|
cpe:/a:redhat:satellite:6.15
|
6.15 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux Update Infrastructure 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:update_infrastructure_4
|
Update Infrastructure 4 | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Ansible Automation Platform <2.4
Red Hat / Ansible Automation Platform
|
<2.4 | ||
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Red Hat Satellite 6.15
Red Hat / Satellite
|
cpe:/a:redhat:satellite:6.15
|
6.15 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux Update Infrastructure 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:update_infrastructure_4
|
Update Infrastructure 4 | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Ansible Automation Platform <2.4
Red Hat / Ansible Automation Platform
|
<2.4 | ||
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Red Hat Satellite 6.15
Red Hat / Satellite
|
cpe:/a:redhat:satellite:6.15
|
6.15 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux Update Infrastructure 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:update_infrastructure_4
|
Update Infrastructure 4 | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Ansible Automation Platform <2.4
Red Hat / Ansible Automation Platform
|
<2.4 | ||
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Red Hat Satellite 6.15
Red Hat / Satellite
|
cpe:/a:redhat:satellite:6.15
|
6.15 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux Update Infrastructure 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:update_infrastructure_4
|
Update Infrastructure 4 | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Ansible Automation Platform <2.4
Red Hat / Ansible Automation Platform
|
<2.4 | ||
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Red Hat Satellite 6.15
Red Hat / Satellite
|
cpe:/a:redhat:satellite:6.15
|
6.15 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux Update Infrastructure 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:update_infrastructure_4
|
Update Infrastructure 4 | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Ansible Automation Platform <2.4
Red Hat / Ansible Automation Platform
|
<2.4 | ||
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Red Hat Satellite 6.15
Red Hat / Satellite
|
cpe:/a:redhat:satellite:6.15
|
6.15 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux Update Infrastructure 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:update_infrastructure_4
|
Update Infrastructure 4 | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Ansible Automation Platform <2.4
Red Hat / Ansible Automation Platform
|
<2.4 | ||
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Red Hat Satellite 6.15
Red Hat / Satellite
|
cpe:/a:redhat:satellite:6.15
|
6.15 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux Update Infrastructure 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:update_infrastructure_4
|
Update Infrastructure 4 | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Ansible Automation Platform <2.4
Red Hat / Ansible Automation Platform
|
<2.4 | ||
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Red Hat Satellite 6.15
Red Hat / Satellite
|
cpe:/a:redhat:satellite:6.15
|
6.15 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux Update Infrastructure 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:update_infrastructure_4
|
Update Infrastructure 4 | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 |
References
47 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat Ansible Automation Platform ist eine End-to-End-Automatisierungsplattform f\u00fcr die Systemkonfiguration, die Softwarebereitstellung und die Orchestrierung erweiterter Workflows.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Red Hat Ansible Automation Platform ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial-of-Service-Zustand erzeugen, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, Dateien zu manipulieren oder Cross-Site-Scripting (XSS)-Angriffe durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-1328 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1328.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-1328 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1328"
},
{
"category": "external",
"summary": "RedHat Security Advisory vom 2024-06-10",
"url": "https://access.redhat.com/errata/RHSA-2024:3781"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3820 vom 2024-06-11",
"url": "https://access.redhat.com/errata/RHSA-2024:3820"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3713 vom 2024-06-12",
"url": "https://access.redhat.com/errata/RHSA-2024:3713"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3811 vom 2024-06-11",
"url": "https://access.redhat.com/errata/RHSA-2024:3811"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3795 vom 2024-06-11",
"url": "https://access.redhat.com/errata/RHSA-2024:3795"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-3820 vom 2024-06-12",
"url": "https://linux.oracle.com/errata/ELSA-2024-3820.html"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2024-F52B6219CA vom 2024-06-13",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-f52b6219ca"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:3820 vom 2024-06-14",
"url": "https://errata.build.resf.org/RLSA-2024:3820"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2068-1 vom 2024-06-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018734.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2182-1 vom 2024-06-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018806.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-644 vom 2024-07-02",
"url": "https://alas.aws.amazon.com/AL2023/ALAS-2024-644.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-645 vom 2024-07-02",
"url": "https://alas.aws.amazon.com/AL2023/ALAS-2024-645.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4231 vom 2024-07-03",
"url": "https://access.redhat.com/errata/RHSA-2024:4231"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4227 vom 2024-07-03",
"url": "https://access.redhat.com/errata/RHSA-2024:4227"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-4227 vom 2024-07-03",
"url": "https://linux.oracle.com/errata/ELSA-2024-4227.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-4231 vom 2024-07-03",
"url": "https://linux.oracle.com/errata/ELSA-2024-4231.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4404 vom 2024-07-09",
"url": "https://access.redhat.com/errata/RHSA-2024:4404"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4414 vom 2024-07-09",
"url": "https://access.redhat.com/errata/RHSA-2024:4414"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4427 vom 2024-07-09",
"url": "https://access.redhat.com/errata/RHSA-2024:4427"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4522 vom 2024-07-12",
"url": "https://access.redhat.com/errata/RHSA-2024:4522"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2481-1 vom 2024-07-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018968.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2481-1 vom 2024-07-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018973.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2481-1 vom 2024-07-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018969.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:4227 vom 2024-07-15",
"url": "https://errata.build.resf.org/RLSA-2024:4227"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:4231 vom 2024-07-15",
"url": "https://errata.build.resf.org/RLSA-2024:4231"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4616 vom 2024-07-25",
"url": "https://access.redhat.com/errata/RHSA-2024:4616"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4958 vom 2024-08-07",
"url": "https://access.redhat.com/errata/RHSA-2024:4958"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202408-11 vom 2024-08-07",
"url": "https://security.gentoo.org/glsa/202408-11"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5107 vom 2024-08-13",
"url": "https://access.redhat.com/errata/RHSA-2024:5107"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5662 vom 2024-08-21",
"url": "https://access.redhat.com/errata/RHSA-2024:5662"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:6428 vom 2024-09-05",
"url": "https://access.redhat.com/errata/RHSA-2024:6428"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-2654 vom 2024-10-16",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2654.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7174016 vom 2024-10-24",
"url": "https://www.ibm.com/support/pages/node/7174016"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:9150 vom 2024-11-12",
"url": "https://access.redhat.com/errata/RHSA-2024:9150"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:9988 vom 2024-11-21",
"url": "https://access.redhat.com/errata/RHSA-2024:9988"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:9984 vom 2024-11-21",
"url": "https://access.redhat.com/errata/RHSA-2024:9984"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:9986 vom 2024-11-21",
"url": "https://access.redhat.com/errata/RHSA-2024:9986"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5828 vom 2024-12-12",
"url": "https://security-tracker.debian.org/tracker/DSA-5828-1"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4000 vom 2024-12-21",
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00022.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:4396-1 vom 2024-12-20",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/2G4X2TXZZR4PJJZP65T5QITC24ZVDLNL/"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2025:0012 vom 2025-01-08",
"url": "https://errata.build.resf.org/RLSA-2025:0012"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1335 vom 2025-02-12",
"url": "https://access.redhat.com/errata/RHSA-2025:1335"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2025-2868 vom 2025-05-29",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2025-2868.html"
},
{
"category": "external",
"summary": "Dell Security Update vom 2025-10-02",
"url": "https://www.dell.com/support/kbdoc/000376224"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2025-D2D3A5FA79 vom 2025-10-18",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-d2d3a5fa79"
}
],
"source_lang": "en-US",
"title": "Red Hat Ansible Automation Platform: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-10-19T22:00:00.000+00:00",
"generator": {
"date": "2025-10-20T08:43:57.291+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2024-1328",
"initial_release_date": "2024-06-10T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-06-10T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-06-11T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-06-13T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2024-06-16T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2024-06-18T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-06-24T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-07-01T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-07-02T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
},
{
"date": "2024-07-03T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-07-09T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-11T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-15T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von SUSE und Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2024-07-24T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-08-06T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-08-07T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Gentoo aufgenommen"
},
{
"date": "2024-08-13T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-08-20T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-09-05T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-16T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-10-24T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-11-11T23:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-11-20T23:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-12-11T23:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2024-12-22T23:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von Debian und SUSE aufgenommen"
},
{
"date": "2025-01-07T23:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2025-02-11T23:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-05-29T22:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2025-10-01T22:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2025-10-19T22:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von Fedora aufgenommen"
}
],
"status": "final",
"version": "29"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c8.4.0.0",
"product": {
"name": "Dell PowerProtect Data Domain \u003c8.4.0.0",
"product_id": "T045879"
}
},
{
"category": "product_version",
"name": "8.4.0.0",
"product": {
"name": "Dell PowerProtect Data Domain 8.4.0.0",
"product_id": "T045879-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:powerprotect_data_domain:8.4.0.0"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.10.1.70",
"product": {
"name": "Dell PowerProtect Data Domain \u003c7.10.1.70",
"product_id": "T045881"
}
},
{
"category": "product_version",
"name": "7.10.1.70",
"product": {
"name": "Dell PowerProtect Data Domain 7.10.1.70",
"product_id": "T045881-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:powerprotect_data_domain:7.10.1.70"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.13.1.40",
"product": {
"name": "Dell PowerProtect Data Domain \u003c7.13.1.40",
"product_id": "T047343"
}
},
{
"category": "product_version",
"name": "7.13.1.40",
"product": {
"name": "Dell PowerProtect Data Domain 7.13.1.40",
"product_id": "T047343-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:powerprotect_data_domain:7.13.1.40"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.3.1.10",
"product": {
"name": "Dell PowerProtect Data Domain \u003c8.3.1.10",
"product_id": "T047344"
}
},
{
"category": "product_version",
"name": "8.3.1.10",
"product": {
"name": "Dell PowerProtect Data Domain 8.3.1.10",
"product_id": "T047344-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:powerprotect_data_domain:8.3.1.10"
}
}
}
],
"category": "product_name",
"name": "PowerProtect Data Domain"
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"category": "product_name",
"name": "Gentoo Linux",
"product": {
"name": "Gentoo Linux",
"product_id": "T012167",
"product_identification_helper": {
"cpe": "cpe:/o:gentoo:linux:-"
}
}
}
],
"category": "vendor",
"name": "Gentoo"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2.4",
"product": {
"name": "Red Hat Ansible Automation Platform \u003c2.4",
"product_id": "T035285"
}
},
{
"category": "product_version",
"name": "2.4",
"product": {
"name": "Red Hat Ansible Automation Platform 2.4",
"product_id": "T035285-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform:2.4"
}
}
}
],
"category": "product_name",
"name": "Ansible Automation Platform"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version",
"name": "Update Infrastructure 4",
"product": {
"name": "Red Hat Enterprise Linux Update Infrastructure 4",
"product_id": "T041113",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:update_infrastructure_4"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "6.15",
"product": {
"name": "Red Hat Satellite 6.15",
"product_id": "T034360",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite:6.15"
}
}
}
],
"category": "product_name",
"name": "Satellite"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-45288",
"product_status": {
"known_affected": [
"67646",
"T035285",
"T012167",
"T034360",
"T004914",
"T032255",
"74185",
"2951",
"T002207",
"T045879",
"T047343",
"398363",
"T041113",
"T045881",
"T047344"
]
},
"release_date": "2024-06-10T22:00:00.000+00:00",
"title": "CVE-2023-45288"
},
{
"cve": "CVE-2023-45290",
"product_status": {
"known_affected": [
"67646",
"T035285",
"T012167",
"T034360",
"T004914",
"T032255",
"74185",
"2951",
"T002207",
"T045879",
"T047343",
"398363",
"T041113",
"T045881",
"T047344"
]
},
"release_date": "2024-06-10T22:00:00.000+00:00",
"title": "CVE-2023-45290"
},
{
"cve": "CVE-2023-49083",
"product_status": {
"known_affected": [
"67646",
"T035285",
"T012167",
"T034360",
"T004914",
"T032255",
"74185",
"2951",
"T002207",
"T045879",
"T047343",
"398363",
"T041113",
"T045881",
"T047344"
]
},
"release_date": "2024-06-10T22:00:00.000+00:00",
"title": "CVE-2023-49083"
},
{
"cve": "CVE-2023-50447",
"product_status": {
"known_affected": [
"67646",
"T035285",
"T012167",
"T034360",
"T004914",
"T032255",
"74185",
"2951",
"T002207",
"T045879",
"T047343",
"398363",
"T041113",
"T045881",
"T047344"
]
},
"release_date": "2024-06-10T22:00:00.000+00:00",
"title": "CVE-2023-50447"
},
{
"cve": "CVE-2023-5752",
"product_status": {
"known_affected": [
"67646",
"T035285",
"T012167",
"T034360",
"T004914",
"T032255",
"74185",
"2951",
"T002207",
"T045879",
"T047343",
"398363",
"T041113",
"T045881",
"T047344"
]
},
"release_date": "2024-06-10T22:00:00.000+00:00",
"title": "CVE-2023-5752"
},
{
"cve": "CVE-2024-1135",
"product_status": {
"known_affected": [
"67646",
"T035285",
"T012167",
"T034360",
"T004914",
"T032255",
"74185",
"2951",
"T002207",
"T045879",
"T047343",
"398363",
"T041113",
"T045881",
"T047344"
]
},
"release_date": "2024-06-10T22:00:00.000+00:00",
"title": "CVE-2024-1135"
},
{
"cve": "CVE-2024-21503",
"product_status": {
"known_affected": [
"67646",
"T035285",
"T012167",
"T034360",
"T004914",
"T032255",
"74185",
"2951",
"T002207",
"T045879",
"T047343",
"398363",
"T041113",
"T045881",
"T047344"
]
},
"release_date": "2024-06-10T22:00:00.000+00:00",
"title": "CVE-2024-21503"
},
{
"cve": "CVE-2024-24783",
"product_status": {
"known_affected": [
"67646",
"T035285",
"T012167",
"T034360",
"T004914",
"T032255",
"74185",
"2951",
"T002207",
"T045879",
"T047343",
"398363",
"T041113",
"T045881",
"T047344"
]
},
"release_date": "2024-06-10T22:00:00.000+00:00",
"title": "CVE-2024-24783"
},
{
"cve": "CVE-2024-26130",
"product_status": {
"known_affected": [
"67646",
"T035285",
"T012167",
"T034360",
"T004914",
"T032255",
"74185",
"2951",
"T002207",
"T045879",
"T047343",
"398363",
"T041113",
"T045881",
"T047344"
]
},
"release_date": "2024-06-10T22:00:00.000+00:00",
"title": "CVE-2024-26130"
},
{
"cve": "CVE-2024-27306",
"product_status": {
"known_affected": [
"67646",
"T035285",
"T012167",
"T034360",
"T004914",
"T032255",
"74185",
"2951",
"T002207",
"T045879",
"T047343",
"398363",
"T041113",
"T045881",
"T047344"
]
},
"release_date": "2024-06-10T22:00:00.000+00:00",
"title": "CVE-2024-27306"
},
{
"cve": "CVE-2024-27351",
"product_status": {
"known_affected": [
"67646",
"T035285",
"T012167",
"T034360",
"T004914",
"T032255",
"74185",
"2951",
"T002207",
"T045879",
"T047343",
"398363",
"T041113",
"T045881",
"T047344"
]
},
"release_date": "2024-06-10T22:00:00.000+00:00",
"title": "CVE-2024-27351"
},
{
"cve": "CVE-2024-28219",
"product_status": {
"known_affected": [
"67646",
"T035285",
"T012167",
"T034360",
"T004914",
"T032255",
"74185",
"2951",
"T002207",
"T045879",
"T047343",
"398363",
"T041113",
"T045881",
"T047344"
]
},
"release_date": "2024-06-10T22:00:00.000+00:00",
"title": "CVE-2024-28219"
},
{
"cve": "CVE-2024-28849",
"product_status": {
"known_affected": [
"67646",
"T035285",
"T012167",
"T034360",
"T004914",
"T032255",
"74185",
"2951",
"T002207",
"T045879",
"T047343",
"398363",
"T041113",
"T045881",
"T047344"
]
},
"release_date": "2024-06-10T22:00:00.000+00:00",
"title": "CVE-2024-28849"
},
{
"cve": "CVE-2024-30251",
"product_status": {
"known_affected": [
"67646",
"T035285",
"T012167",
"T034360",
"T004914",
"T032255",
"74185",
"2951",
"T002207",
"T045879",
"T047343",
"398363",
"T041113",
"T045881",
"T047344"
]
},
"release_date": "2024-06-10T22:00:00.000+00:00",
"title": "CVE-2024-30251"
},
{
"cve": "CVE-2024-32879",
"product_status": {
"known_affected": [
"67646",
"T035285",
"T012167",
"T034360",
"T004914",
"T032255",
"74185",
"2951",
"T002207",
"T045879",
"T047343",
"398363",
"T041113",
"T045881",
"T047344"
]
},
"release_date": "2024-06-10T22:00:00.000+00:00",
"title": "CVE-2024-32879"
},
{
"cve": "CVE-2024-34064",
"product_status": {
"known_affected": [
"67646",
"T035285",
"T012167",
"T034360",
"T004914",
"T032255",
"74185",
"2951",
"T002207",
"T045879",
"T047343",
"398363",
"T041113",
"T045881",
"T047344"
]
},
"release_date": "2024-06-10T22:00:00.000+00:00",
"title": "CVE-2024-34064"
},
{
"cve": "CVE-2024-35195",
"product_status": {
"known_affected": [
"67646",
"T035285",
"T012167",
"T034360",
"T004914",
"T032255",
"74185",
"2951",
"T002207",
"T045879",
"T047343",
"398363",
"T041113",
"T045881",
"T047344"
]
},
"release_date": "2024-06-10T22:00:00.000+00:00",
"title": "CVE-2024-35195"
},
{
"cve": "CVE-2024-3651",
"product_status": {
"known_affected": [
"67646",
"T035285",
"T012167",
"T034360",
"T004914",
"T032255",
"74185",
"2951",
"T002207",
"T045879",
"T047343",
"398363",
"T041113",
"T045881",
"T047344"
]
},
"release_date": "2024-06-10T22:00:00.000+00:00",
"title": "CVE-2024-3651"
},
{
"cve": "CVE-2024-3772",
"product_status": {
"known_affected": [
"67646",
"T035285",
"T012167",
"T034360",
"T004914",
"T032255",
"74185",
"2951",
"T002207",
"T045879",
"T047343",
"398363",
"T041113",
"T045881",
"T047344"
]
},
"release_date": "2024-06-10T22:00:00.000+00:00",
"title": "CVE-2024-3772"
},
{
"cve": "CVE-2024-4340",
"product_status": {
"known_affected": [
"67646",
"T035285",
"T012167",
"T034360",
"T004914",
"T032255",
"74185",
"2951",
"T002207",
"T045879",
"T047343",
"398363",
"T041113",
"T045881",
"T047344"
]
},
"release_date": "2024-06-10T22:00:00.000+00:00",
"title": "CVE-2024-4340"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…