Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-9230 (GCVE-0-2025-9230)
Vulnerability from cvelistv5 – Published: 2025-09-30 13:17 – Updated: 2026-06-02 12:59
VLAI
EPSS
Title
Out-of-bounds read & write in RFC 3211 KEK Unwrap
Summary
Issue summary: An application trying to decrypt CMS messages encrypted using
password based encryption can trigger an out-of-bounds read and write.
Impact summary: This out-of-bounds read may trigger a crash which leads to
Denial of Service for an application. The out-of-bounds write can cause
a memory corruption which can have various consequences including
a Denial of Service or Execution of attacker-supplied code.
Although the consequences of a successful exploit of this vulnerability
could be severe, the probability that the attacker would be able to
perform it is low. Besides, password based (PWRI) encryption support in CMS
messages is very rarely used. For that reason the issue was assessed as
Moderate severity according to our Security Policy.
The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this
issue, as the CMS implementation is outside the OpenSSL FIPS module
boundary.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
16 references
Impacted products
24 products
| Vendor | Product | Version | |
|---|---|---|---|
| OpenSSL | OpenSSL |
Affected:
3.5.0 , < 3.5.4
(semver)
Affected: 3.4.0 , < 3.4.3 (semver) Affected: 3.3.0 , < 3.3.5 (semver) Affected: 3.2.0 , < 3.2.6 (semver) Affected: 3.0.0 , < 3.0.18 (semver) Affected: 1.1.1 , < 1.1.1zd (custom) Affected: 1.0.2 , < 1.0.2zm (custom) |
|
| Siemens | RUGGEDCOM RST2428P |
Affected:
0 , < V3.3
(custom)
|
|
| Siemens | RUGGEDCOM RST2428P |
Affected:
0 , < V4.0
(custom)
|
|
| Siemens | SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family |
Affected:
0 , < V3.3
(custom)
|
|
| Siemens | SCALANCE XCH328 |
Affected:
0 , < V3.3
(custom)
|
|
| Siemens | SCALANCE XCM324 |
Affected:
0 , < V3.3
(custom)
|
|
| Siemens | SCALANCE XCM328 |
Affected:
0 , < V3.3
(custom)
|
|
| Siemens | SCALANCE XCM332 |
Affected:
0 , < V3.3
(custom)
|
|
| Siemens | SCALANCE XRH334 (24 V DC, 8xFO, CC) |
Affected:
0 , < V3.3
(custom)
|
|
| Siemens | SCALANCE XRM334 (230 V AC, 12xFO) |
Affected:
0 , < V3.3
(custom)
|
|
| Siemens | SCALANCE XRM334 (230 V AC, 8xFO) |
Affected:
0 , < V3.3
(custom)
|
|
| Siemens | SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) |
Affected:
0 , < V3.3
(custom)
|
|
| Siemens | SCALANCE XRM334 (24 V DC, 12xFO) |
Affected:
0 , < V3.3
(custom)
|
|
| Siemens | SCALANCE XRM334 (24 V DC, 8xFO) |
Affected:
0 , < V3.3
(custom)
|
|
| Siemens | SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) |
Affected:
0 , < V3.3
(custom)
|
|
| Siemens | SCALANCE XRM334 (2x230 V AC, 12xFO) |
Affected:
0 , < V3.3
(custom)
|
|
| Siemens | SCALANCE XRM334 (2x230 V AC, 8xFO) |
Affected:
0 , < V3.3
(custom)
|
|
| Siemens | SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) |
Affected:
0 , < V3.3
(custom)
|
|
| Siemens | SIDIS Prime |
Affected:
0 , < V4.0.800
(custom)
|
|
| Siemens | SIMATIC CN 4100 |
Affected:
0 , < V5.0
(custom)
|
|
| Siemens | SIMATIC S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
|
| Siemens | SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
|
| Siemens | SIMATIC S7-1500 TM MFP - GNU/Linux subsystem |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIPLUS S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
Date Public
2025-09-30 14:00
Credits
Stanislav Fort (Aisle Research)
Stanislav Fort (Aisle Research)
Viktor Dukhovni
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-9230",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-30T19:30:08.302408Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-30T19:30:29.803Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:15:17.295Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/09/30/5"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RST2428P",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RST2428P",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XCH328",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XCM324",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XCM328",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XCM332",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XRH334 (24 V DC, 8xFO, CC)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XRM334 (230 V AC, 12xFO)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XRM334 (230 V AC, 8xFO)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XRM334 (24 V DC, 12xFO)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XRM334 (24 V DC, 8xFO)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XRM334 (2x230 V AC, 12xFO)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XRM334 (2x230 V AC, 8xFO)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIDIS Prime",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.0.800",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CN 4100",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T12:59:47.999Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-089022.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-485750.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-253495.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"lessThan": "3.5.4",
"status": "affected",
"version": "3.5.0",
"versionType": "semver"
},
{
"lessThan": "3.4.3",
"status": "affected",
"version": "3.4.0",
"versionType": "semver"
},
{
"lessThan": "3.3.5",
"status": "affected",
"version": "3.3.0",
"versionType": "semver"
},
{
"lessThan": "3.2.6",
"status": "affected",
"version": "3.2.0",
"versionType": "semver"
},
{
"lessThan": "3.0.18",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
},
{
"lessThan": "1.1.1zd",
"status": "affected",
"version": "1.1.1",
"versionType": "custom"
},
{
"lessThan": "1.0.2zm",
"status": "affected",
"version": "1.0.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Stanislav Fort (Aisle Research)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Stanislav Fort (Aisle Research)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Viktor Dukhovni"
}
],
"datePublic": "2025-09-30T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Issue summary: An application trying to decrypt CMS messages encrypted using\u003cbr\u003epassword based encryption can trigger an out-of-bounds read and write.\u003cbr\u003e\u003cbr\u003eImpact summary: This out-of-bounds read may trigger a crash which leads to\u003cbr\u003eDenial of Service for an application. The out-of-bounds write can cause\u003cbr\u003ea memory corruption which can have various consequences including\u003cbr\u003ea Denial of Service or Execution of attacker-supplied code.\u003cbr\u003e\u003cbr\u003eAlthough the consequences of a successful exploit of this vulnerability\u003cbr\u003ecould be severe, the probability that the attacker would be able to\u003cbr\u003eperform it is low. Besides, password based (PWRI) encryption support in CMS\u003cbr\u003emessages is very rarely used. For that reason the issue was assessed as\u003cbr\u003eModerate severity according to our Security Policy.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\u003cbr\u003eissue, as the CMS implementation is outside the OpenSSL FIPS module\u003cbr\u003eboundary."
}
],
"value": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary."
}
],
"metrics": [
{
"format": "other",
"other": {
"content": {
"text": "Moderate"
},
"type": "https://openssl-library.org/policies/general/security-policy/"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
},
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-30T13:17:00.808Z",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"name": "OpenSSL Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://openssl-library.org/news/secadv/20250930.txt"
},
{
"name": "3.5.4 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482"
},
{
"name": "3.4.3 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280"
},
{
"name": "3.3.5 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45"
},
{
"name": "3.2.6 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd"
},
{
"name": "3.0.18 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def"
},
{
"name": "1.1.1zd git commit",
"tags": [
"patch"
],
"url": "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba"
},
{
"name": "1.0.2zm git commit",
"tags": [
"patch"
],
"url": "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2025-9230",
"datePublished": "2025-09-30T13:17:00.808Z",
"dateReserved": "2025-08-20T08:38:07.678Z",
"dateUpdated": "2026-06-02T12:59:47.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-9230",
"date": "2026-06-14",
"epss": "0.00041",
"percentile": "0.12839"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-9230\",\"sourceIdentifier\":\"openssl-security@openssl.org\",\"published\":\"2025-09-30T14:15:41.050\",\"lastModified\":\"2026-06-02T14:16:40.760\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Issue summary: An application trying to decrypt CMS messages encrypted using\\npassword based encryption can trigger an out-of-bounds read and write.\\n\\nImpact summary: This out-of-bounds read may trigger a crash which leads to\\nDenial of Service for an application. The out-of-bounds write can cause\\na memory corruption which can have various consequences including\\na Denial of Service or Execution of attacker-supplied code.\\n\\nAlthough the consequences of a successful exploit of this vulnerability\\ncould be severe, the probability that the attacker would be able to\\nperform it is low. Besides, password based (PWRI) encryption support in CMS\\nmessages is very rarely used. For that reason the issue was assessed as\\nModerate severity according to our Security Policy.\\n\\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\\nissue, as the CMS implementation is outside the OpenSSL FIPS module\\nboundary.\"},{\"lang\":\"es\",\"value\":\"Resumen del problema: Una aplicaci\u00f3n que intenta descifrar mensajes CMS cifrados usando cifrado basado en contrase\u00f1a puede desencadenar una lectura y escritura fuera de l\u00edmites.\\n\\nResumen del impacto: Esta lectura fuera de l\u00edmites puede desencadenar un fallo que lleva a una Denegaci\u00f3n de Servicio para una aplicaci\u00f3n. La escritura fuera de l\u00edmites puede causar una corrupci\u00f3n de memoria que puede tener varias consecuencias, incluyendo una Denegaci\u00f3n de Servicio o la ejecuci\u00f3n de c\u00f3digo suministrado por el atacante.\\n\\nAunque las consecuencias de un exploit exitoso de esta vulnerabilidad podr\u00edan ser graves, la probabilidad de que el atacante pudiera realizarlo es baja. Adem\u00e1s, el soporte de cifrado basado en contrase\u00f1a (PWRI) en mensajes CMS se usa muy raramente. Por esa raz\u00f3n, el problema fue evaluado como de severidad Moderada seg\u00fan nuestra Pol\u00edtica de Seguridad.\\n\\nLos m\u00f3dulos FIPS en 3.5, 3.4, 3.3, 3.2, 3.1 y 3.0 no se ven afectados por este problema, ya que la implementaci\u00f3n de CMS est\u00e1 fuera del l\u00edmite del m\u00f3dulo FIPS de OpenSSL.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"openssl-security@openssl.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"},{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"references\":[{\"url\":\"https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://openssl-library.org/news/secadv/20250930.txt\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/09/30/5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-032379.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-082556.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-089022.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-253495.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-265688.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-485750.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2025/09/30/5\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-04T21:15:17.295Z\"}}, {\"affected\": [{\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM RST2428P\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM RST2428P\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XCH328\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XCM324\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XCM328\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XCM332\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XRH334 (24 V DC, 8xFO, CC)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XRM334 (230 V AC, 12xFO)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XRM334 (230 V AC, 8xFO)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XRM334 (24 V DC, 12xFO)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XRM334 (24 V DC, 8xFO)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XRM334 (2x230 V AC, 12xFO)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XRM334 (2x230 V AC, 8xFO)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIDIS Prime\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.0.800\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC CN 4100\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V5.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.5\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.5\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.5\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.5\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 TM MFP - GNU/Linux subsystem\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1500 CPU 1518-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.5\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"x_adpType\": \"supplier\", \"references\": [{\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-265688.html\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-082556.html\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-089022.html\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-485750.html\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-032379.html\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-253495.html\"}], \"providerMetadata\": {\"orgId\": \"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\", \"shortName\": \"siemens-SADP\", \"dateUpdated\": \"2026-06-02T12:59:47.999Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-9230\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-09-30T19:30:08.302408Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-09-30T19:30:26.001Z\"}}], \"cna\": {\"title\": \"Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Stanislav Fort (Aisle Research)\"}, {\"lang\": \"en\", \"type\": \"remediation developer\", \"value\": \"Stanislav Fort (Aisle Research)\"}, {\"lang\": \"en\", \"type\": \"remediation developer\", \"value\": \"Viktor Dukhovni\"}], \"metrics\": [{\"other\": {\"type\": \"https://openssl-library.org/policies/general/security-policy/\", \"content\": {\"text\": \"Moderate\"}}, \"format\": \"other\"}], \"affected\": [{\"vendor\": \"OpenSSL\", \"product\": \"OpenSSL\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.5.0\", \"lessThan\": \"3.5.4\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"3.4.0\", \"lessThan\": \"3.4.3\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"3.3.0\", \"lessThan\": \"3.3.5\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"3.2.0\", \"lessThan\": \"3.2.6\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"3.0.0\", \"lessThan\": \"3.0.18\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"1.1.1\", \"lessThan\": \"1.1.1zd\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"1.0.2\", \"lessThan\": \"1.0.2zm\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2025-09-30T14:00:00.000Z\", \"references\": [{\"url\": \"https://openssl-library.org/news/secadv/20250930.txt\", \"name\": \"OpenSSL Advisory\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482\", \"name\": \"3.5.4 git commit\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280\", \"name\": \"3.4.3 git commit\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45\", \"name\": \"3.3.5 git commit\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd\", \"name\": \"3.2.6 git commit\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def\", \"name\": \"3.0.18 git commit\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba\", \"name\": \"1.1.1zd git commit\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3\", \"name\": \"1.0.2zm git commit\", \"tags\": [\"patch\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Issue summary: An application trying to decrypt CMS messages encrypted using\\npassword based encryption can trigger an out-of-bounds read and write.\\n\\nImpact summary: This out-of-bounds read may trigger a crash which leads to\\nDenial of Service for an application. The out-of-bounds write can cause\\na memory corruption which can have various consequences including\\na Denial of Service or Execution of attacker-supplied code.\\n\\nAlthough the consequences of a successful exploit of this vulnerability\\ncould be severe, the probability that the attacker would be able to\\nperform it is low. Besides, password based (PWRI) encryption support in CMS\\nmessages is very rarely used. For that reason the issue was assessed as\\nModerate severity according to our Security Policy.\\n\\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\\nissue, as the CMS implementation is outside the OpenSSL FIPS module\\nboundary.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Issue summary: An application trying to decrypt CMS messages encrypted using\u003cbr\u003epassword based encryption can trigger an out-of-bounds read and write.\u003cbr\u003e\u003cbr\u003eImpact summary: This out-of-bounds read may trigger a crash which leads to\u003cbr\u003eDenial of Service for an application. The out-of-bounds write can cause\u003cbr\u003ea memory corruption which can have various consequences including\u003cbr\u003ea Denial of Service or Execution of attacker-supplied code.\u003cbr\u003e\u003cbr\u003eAlthough the consequences of a successful exploit of this vulnerability\u003cbr\u003ecould be severe, the probability that the attacker would be able to\u003cbr\u003eperform it is low. Besides, password based (PWRI) encryption support in CMS\u003cbr\u003emessages is very rarely used. For that reason the issue was assessed as\u003cbr\u003eModerate severity according to our Security Policy.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\u003cbr\u003eissue, as the CMS implementation is outside the OpenSSL FIPS module\u003cbr\u003eboundary.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-125\", \"description\": \"CWE-125 Out-of-bounds Read\"}, {\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-787\", \"description\": \"CWE-787 Out-of-bounds Write\"}]}], \"providerMetadata\": {\"orgId\": \"3a12439a-ef3a-4c79-92e6-6081a721f1e5\", \"shortName\": \"openssl\", \"dateUpdated\": \"2025-09-30T13:17:00.808Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-9230\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-02T12:59:47.999Z\", \"dateReserved\": \"2025-08-20T08:38:07.678Z\", \"assignerOrgId\": \"3a12439a-ef3a-4c79-92e6-6081a721f1e5\", \"datePublished\": \"2025-09-30T13:17:00.808Z\", \"assignerShortName\": \"openssl\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
WID-SEC-W-2025-2166
Vulnerability from csaf_certbund - Published: 2025-09-30 22:00 - Updated: 2026-03-08 23:00Summary
OpenSSL und LibreSSL: Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: OpenSSL ist eine im Quelltext frei verfügbare Bibliothek, die Secure Sockets Layer (SSL) und Transport Layer Security (TLS) implementiert.
LibreSSL ist eine im Quelltext frei verfügbare Bibliothek, die Secure Sockets Layer (SSL) und Transport Layer Security (TLS) implementiert.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in OpenSSL und LibreSSL ausnutzen, um potentiell beliebigen Code auszuführen, einen Denial of Service-Zustand zu verursachen und vertrauliche Informationen offenzulegen.
Betroffene Betriebssysteme: - Sonstiges
- UNIX
- Windows
Affected products
Known affected
43 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
FreeBSD Project FreeBSD OS
FreeBSD Project
|
cpe:/o:freebsd:freebsd:-
|
— | |
|
Splunk Splunk Enterprise <9.4.8
Splunk / Splunk Enterprise
|
<9.4.8 | ||
|
IBM MQ Operator
IBM / MQ
|
cpe:/a:ibm:mq:operator
|
Operator | |
|
Splunk Splunk Enterprise Universal Forwarder
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:universal_forwarder
|
Universal Forwarder | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
IBM AIX 7.3
IBM / AIX
|
cpe:/o:ibm:aix:7.3
|
7.3 | |
|
Open Source OpenSSL <3.0.18
Open Source / OpenSSL
|
<3.0.18 | ||
|
Open Source OpenSSL <1.1.1zd
Open Source / OpenSSL
|
<1.1.1zd | ||
|
Open Source OpenSSL <3.3.5
Open Source / OpenSSL
|
<3.3.5 | ||
|
Open Source OpenSSL <3.2.6
Open Source / OpenSSL
|
<3.2.6 | ||
|
SolarWinds Platform <2026.1
SolarWinds / Platform
|
<2026.1 | ||
|
Open Source OpenSSL <1.0.2zm
Open Source / OpenSSL
|
<1.0.2zm | ||
|
Open Source LibreSSL <4.0.1
Open Source / LibreSSL
|
<4.0.1 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Open Source OpenSSL <3.5.4
Open Source / OpenSSL
|
<3.5.4 | ||
|
Open Source OpenSSL <3.4.3
Open Source / OpenSSL
|
<3.4.3 | ||
|
IBM AIX 7.2
IBM / AIX
|
cpe:/o:ibm:aix:7.2
|
7.2 | |
|
IBM VIOS 3.1
IBM / VIOS
|
cpe:/a:ibm:vios:3.1
|
3.1 | |
|
Xerox FreeFlow Print Server <9.0 SP-3 (93.M3.14.86)
Xerox / FreeFlow Print Server
|
<9.0 SP-3 (93.M3.14.86) | ||
|
IBM VIOS 4.1
IBM / VIOS
|
cpe:/a:ibm:vios:4.1
|
4.1 | |
|
Red Hat OpenShift Container Platform <4.14.62
Red Hat / OpenShift
|
Container Platform <4.14.62 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Splunk Splunk Enterprise <9.2.12
Splunk / Splunk Enterprise
|
<9.2.12 | ||
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Splunk Splunk Enterprise <9.3.9
Splunk / Splunk Enterprise
|
<9.3.9 | ||
|
Meinberg LANTIME <7.10.004
Meinberg / LANTIME
|
<7.10.004 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
F5 BIG-IP
F5
|
cpe:/a:f5:big-ip:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IGEL OS <11.11.100
IGEL / OS
|
<11.11.100 | ||
|
Splunk Splunk Enterprise <10.0.3
Splunk / Splunk Enterprise
|
<10.0.3 | ||
|
Splunk Splunk Enterprise <10.2.0
Splunk / Splunk Enterprise
|
<10.2.0 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source LibreSSL <4.1.1
Open Source / LibreSSL
|
<4.1.1 | ||
|
IGEL OS <12.7.4
IGEL / OS
|
<12.7.4 | ||
|
IBM MQ Container
IBM / MQ
|
cpe:/a:ibm:mq:container
|
Container | |
|
IBM DevOps Code ClearCase <11.0.0.05
IBM / DevOps Code ClearCase
|
<11.0.0.05 | ||
|
IBM DevOps Code ClearCase <10.0.1.05
IBM / DevOps Code ClearCase
|
<10.0.1.05 | ||
|
Dell Secure Connect Gateway Appliance <5.32.00.18
Dell / Secure Connect Gateway
|
Appliance <5.32.00.18 | ||
|
IBM DevOps Code ClearCase <9.1.0.10
IBM / DevOps Code ClearCase
|
<9.1.0.10 |
Affected products
Known affected
38 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
FreeBSD Project FreeBSD OS
FreeBSD Project
|
cpe:/o:freebsd:freebsd:-
|
— | |
|
Splunk Splunk Enterprise <9.4.8
Splunk / Splunk Enterprise
|
<9.4.8 | ||
|
IBM MQ Operator
IBM / MQ
|
cpe:/a:ibm:mq:operator
|
Operator | |
|
Splunk Splunk Enterprise Universal Forwarder
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:universal_forwarder
|
Universal Forwarder | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
IBM AIX 7.3
IBM / AIX
|
cpe:/o:ibm:aix:7.3
|
7.3 | |
|
Open Source OpenSSL <3.3.5
Open Source / OpenSSL
|
<3.3.5 | ||
|
Open Source OpenSSL <3.2.6
Open Source / OpenSSL
|
<3.2.6 | ||
|
SolarWinds Platform <2026.1
SolarWinds / Platform
|
<2026.1 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Open Source OpenSSL <3.5.4
Open Source / OpenSSL
|
<3.5.4 | ||
|
Open Source OpenSSL <3.4.3
Open Source / OpenSSL
|
<3.4.3 | ||
|
IBM AIX 7.2
IBM / AIX
|
cpe:/o:ibm:aix:7.2
|
7.2 | |
|
IBM VIOS 3.1
IBM / VIOS
|
cpe:/a:ibm:vios:3.1
|
3.1 | |
|
Xerox FreeFlow Print Server <9.0 SP-3 (93.M3.14.86)
Xerox / FreeFlow Print Server
|
<9.0 SP-3 (93.M3.14.86) | ||
|
IBM VIOS 4.1
IBM / VIOS
|
cpe:/a:ibm:vios:4.1
|
4.1 | |
|
Red Hat OpenShift Container Platform <4.14.62
Red Hat / OpenShift
|
Container Platform <4.14.62 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Splunk Splunk Enterprise <9.2.12
Splunk / Splunk Enterprise
|
<9.2.12 | ||
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Splunk Splunk Enterprise <9.3.9
Splunk / Splunk Enterprise
|
<9.3.9 | ||
|
Meinberg LANTIME <7.10.004
Meinberg / LANTIME
|
<7.10.004 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
F5 BIG-IP
F5
|
cpe:/a:f5:big-ip:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IGEL OS <11.11.100
IGEL / OS
|
<11.11.100 | ||
|
Splunk Splunk Enterprise <10.0.3
Splunk / Splunk Enterprise
|
<10.0.3 | ||
|
Splunk Splunk Enterprise <10.2.0
Splunk / Splunk Enterprise
|
<10.2.0 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
IGEL OS <12.7.4
IGEL / OS
|
<12.7.4 | ||
|
IBM MQ Container
IBM / MQ
|
cpe:/a:ibm:mq:container
|
Container | |
|
IBM DevOps Code ClearCase <11.0.0.05
IBM / DevOps Code ClearCase
|
<11.0.0.05 | ||
|
IBM DevOps Code ClearCase <10.0.1.05
IBM / DevOps Code ClearCase
|
<10.0.1.05 | ||
|
Dell Secure Connect Gateway Appliance <5.32.00.18
Dell / Secure Connect Gateway
|
Appliance <5.32.00.18 | ||
|
IBM DevOps Code ClearCase <9.1.0.10
IBM / DevOps Code ClearCase
|
<9.1.0.10 |
Affected products
Known affected
39 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
FreeBSD Project FreeBSD OS
FreeBSD Project
|
cpe:/o:freebsd:freebsd:-
|
— | |
|
Splunk Splunk Enterprise <9.4.8
Splunk / Splunk Enterprise
|
<9.4.8 | ||
|
IBM MQ Operator
IBM / MQ
|
cpe:/a:ibm:mq:operator
|
Operator | |
|
Splunk Splunk Enterprise Universal Forwarder
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:universal_forwarder
|
Universal Forwarder | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
IBM AIX 7.3
IBM / AIX
|
cpe:/o:ibm:aix:7.3
|
7.3 | |
|
Open Source OpenSSL <3.0.18
Open Source / OpenSSL
|
<3.0.18 | ||
|
Open Source OpenSSL <3.3.5
Open Source / OpenSSL
|
<3.3.5 | ||
|
Open Source OpenSSL <3.2.6
Open Source / OpenSSL
|
<3.2.6 | ||
|
SolarWinds Platform <2026.1
SolarWinds / Platform
|
<2026.1 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Open Source OpenSSL <3.5.4
Open Source / OpenSSL
|
<3.5.4 | ||
|
Open Source OpenSSL <3.4.3
Open Source / OpenSSL
|
<3.4.3 | ||
|
IBM AIX 7.2
IBM / AIX
|
cpe:/o:ibm:aix:7.2
|
7.2 | |
|
IBM VIOS 3.1
IBM / VIOS
|
cpe:/a:ibm:vios:3.1
|
3.1 | |
|
Xerox FreeFlow Print Server <9.0 SP-3 (93.M3.14.86)
Xerox / FreeFlow Print Server
|
<9.0 SP-3 (93.M3.14.86) | ||
|
IBM VIOS 4.1
IBM / VIOS
|
cpe:/a:ibm:vios:4.1
|
4.1 | |
|
Red Hat OpenShift Container Platform <4.14.62
Red Hat / OpenShift
|
Container Platform <4.14.62 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Splunk Splunk Enterprise <9.2.12
Splunk / Splunk Enterprise
|
<9.2.12 | ||
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Splunk Splunk Enterprise <9.3.9
Splunk / Splunk Enterprise
|
<9.3.9 | ||
|
Meinberg LANTIME <7.10.004
Meinberg / LANTIME
|
<7.10.004 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
F5 BIG-IP
F5
|
cpe:/a:f5:big-ip:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IGEL OS <11.11.100
IGEL / OS
|
<11.11.100 | ||
|
Splunk Splunk Enterprise <10.0.3
Splunk / Splunk Enterprise
|
<10.0.3 | ||
|
Splunk Splunk Enterprise <10.2.0
Splunk / Splunk Enterprise
|
<10.2.0 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
IGEL OS <12.7.4
IGEL / OS
|
<12.7.4 | ||
|
IBM MQ Container
IBM / MQ
|
cpe:/a:ibm:mq:container
|
Container | |
|
IBM DevOps Code ClearCase <11.0.0.05
IBM / DevOps Code ClearCase
|
<11.0.0.05 | ||
|
IBM DevOps Code ClearCase <10.0.1.05
IBM / DevOps Code ClearCase
|
<10.0.1.05 | ||
|
Dell Secure Connect Gateway Appliance <5.32.00.18
Dell / Secure Connect Gateway
|
Appliance <5.32.00.18 | ||
|
IBM DevOps Code ClearCase <9.1.0.10
IBM / DevOps Code ClearCase
|
<9.1.0.10 |
References
117 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "OpenSSL ist eine im Quelltext frei verf\u00fcgbare Bibliothek, die Secure Sockets Layer (SSL) und Transport Layer Security (TLS) implementiert.\r\nLibreSSL ist eine im Quelltext frei verf\u00fcgbare Bibliothek, die Secure Sockets Layer (SSL) und Transport Layer Security (TLS) implementiert.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in OpenSSL und LibreSSL ausnutzen, um potentiell beliebigen Code auszuf\u00fchren, einen Denial of Service-Zustand zu verursachen und vertrauliche Informationen offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2166 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2166.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2166 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2166"
},
{
"category": "external",
"summary": "OpenSSL Vulnerabilities vom 2025-09-30",
"url": "https://openssl-library.org/news/vulnerabilities/"
},
{
"category": "external",
"summary": "OpenSSL Security Advisory vom 2025-09-30",
"url": "https://openssl-library.org/news/secadv/20250930.txt"
},
{
"category": "external",
"summary": "LibreSSL 4.0.1 Release Notes vom 2025-09-30",
"url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-4.0.1-relnotes.txt"
},
{
"category": "external",
"summary": "LibreSSL 4.1.1 Release Notes vom 2025-09-30",
"url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-4.1.1-relnotes.txt"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03443-1 vom 2025-09-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022748.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03442-1 vom 2025-09-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022749.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03441-1 vom 2025-09-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022750.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03440-1 vom 2025-09-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022751.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03439-1 vom 2025-09-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022752.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03438-1 vom 2025-09-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022753.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03437-1 vom 2025-09-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022755.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7786-1 vom 2025-09-30",
"url": "https://ubuntu.com/security/notices/USN-7786-1"
},
{
"category": "external",
"summary": "FreeBSD Security Advisory FREEBSD-SA-25:08.OPENSSL vom 2025-09-30",
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-25:08.openssl.asc"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-6015 vom 2025-10-01",
"url": "https://lists.debian.org/debian-security-announce/2025/msg00181.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4321 vom 2025-10-03",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2025-E6F76D56FC vom 2025-10-06",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-e6f76d56fc"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03464-1 vom 2025-10-07",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022766.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03463-1 vom 2025-10-07",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022767.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03522-1 vom 2025-10-10",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HO37ZJ4KSDOK52BA22GLEUYWEU52C22X/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03523-1 vom 2025-10-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022811.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03586-1 vom 2025-10-13",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/W7KVSY3I4TH7CCDGE47EBT7FT7ZHC4V5/"
},
{
"category": "external",
"summary": "IGEL Security Notice ISN-2025-43 vom 2025-10-13",
"url": "https://kb.igel.com/en/security-safety/current/isn-2025-43-openssl-vulnerability"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2025-3022 vom 2025-10-15",
"url": "https://alas.aws.amazon.com/AL2/ALAS2-2025-3022.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2025-3034 vom 2025-10-15",
"url": "https://alas.aws.amazon.com/AL2/ALAS2-2025-3034.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2025-3033 vom 2025-10-15",
"url": "https://alas.aws.amazon.com/AL2/ALAS2-2025-3033.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2OPENSSL-SNAPSAFE-2025-008 vom 2025-10-14",
"url": "https://alas.aws.amazon.com/AL2/ALAS2OPENSSL-SNAPSAFE-2025-008.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03632-1 vom 2025-10-17",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/V6Z2I7RMKLOGDSLKDAHHV7HBNFSLSMGJ/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03635-1 vom 2025-10-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022924.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03630-1 vom 2025-10-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022921.html"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2025-4D34C066A1 vom 2025-10-20",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-4d34c066a1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:3758-1 vom 2025-10-23",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FNZ57TWUAFLSYOWFLCQJ4G3DJKUC7N6D/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20867-1 vom 2025-10-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023063.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20896-1 vom 2025-10-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023118.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20910-1 vom 2025-10-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023105.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:3917-1 vom 2025-11-03",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023142.html"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2025-390 vom 2025-11-05",
"url": "https://www.dell.com/support/kbdoc/000385230"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:21174 vom 2025-11-13",
"url": "https://access.redhat.com/errata/RHSA-2025:21174"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:21248 vom 2025-11-13",
"url": "https://access.redhat.com/errata/RHSA-2025:21248"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:21255 vom 2025-11-13",
"url": "https://access.redhat.com/errata/RHSA-2025:21255"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:21562 vom 2025-11-17",
"url": "https://access.redhat.com/errata/RHSA-2025:21562"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:4126-1 vom 2025-11-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023297.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7250234 vom 2025-11-19",
"url": "https://www.ibm.com/support/pages/node/7250234"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:21994 vom 2025-11-24",
"url": "https://access.redhat.com/errata/RHSA-2025:21994"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2025:21248 vom 2025-11-25",
"url": "https://errata.build.resf.org/RLSA-2025:21248"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-28011 vom 2025-11-26",
"url": "https://linux.oracle.com/errata/ELSA-2025-28011.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-21255 vom 2025-11-26",
"url": "http://linux.oracle.com/errata/ELSA-2025-21255.html"
},
{
"category": "external",
"summary": "Meinberg Security Advisory MBGSA-2025.06 vom 2025-11-27",
"url": "https://www.meinberg.de/german/news/meinberg-security-advisory-mbgsa-2025-06-lantime-firmware-v7-10-004.htm"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:22428 vom 2025-12-01",
"url": "https://access.redhat.com/errata/RHSA-2025:22428"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-28020 vom 2025-12-01",
"url": "https://linux.oracle.com/errata/ELSA-2025-28020.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:22529 vom 2025-12-02",
"url": "https://access.redhat.com/errata/RHSA-2025:22529"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2025-8E15323AF1 vom 2025-12-03",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-8e15323af1"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-21248 vom 2025-12-03",
"url": "https://linux.oracle.com/errata/ELSA-2025-21248.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:22794 vom 2025-12-08",
"url": "https://access.redhat.com/errata/RHSA-2025:22794"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:22868 vom 2025-12-08",
"url": "https://access.redhat.com/errata/RHSA-2025:22868"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-28041 vom 2025-12-09",
"url": "https://linux.oracle.com/errata/ELSA-2025-28041.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7254361 vom 2025-12-11",
"url": "https://aix.software.ibm.com/aix/efixes/security/openssl_advisory45.asc"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23079 vom 2025-12-10",
"url": "https://access.redhat.com/errata/RHSA-2025:23079"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23078 vom 2025-12-10",
"url": "https://access.redhat.com/errata/RHSA-2025:23078"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23080 vom 2025-12-10",
"url": "https://access.redhat.com/errata/RHSA-2025:23080"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7254313 vom 2025-12-10",
"url": "https://www.ibm.com/support/pages/node/7254313"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23209 vom 2025-12-15",
"url": "https://access.redhat.com/errata/RHSA-2025:23209"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23202 vom 2025-12-15",
"url": "https://access.redhat.com/errata/RHSA-2025:23202"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23204 vom 2025-12-15",
"url": "https://access.redhat.com/errata/RHSA-2025:23204"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23205 vom 2025-12-15",
"url": "https://access.redhat.com/errata/RHSA-2025:23205"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23449 vom 2025-12-17",
"url": "https://access.redhat.com/errata/RHSA-2025:23449"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:20164-1 vom 2025-12-17",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FI7WKQF75XQ7WHDVEL25P4FK5MLALDSJ/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:21213-1 vom 2025-12-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-December/023595.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:21224-1 vom 2025-12-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-December/023587.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7255930 vom 2025-12-29",
"url": "https://www.ibm.com/support/pages/node/7255930"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2025-3104 vom 2026-01-05",
"url": "https://alas.aws.amazon.com/AL2/ALAS2-2025-3104.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0337 vom 2026-01-08",
"url": "https://access.redhat.com/errata/RHSA-2026:0337"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-0337 vom 2026-01-09",
"url": "https://linux.oracle.com/errata/ELSA-2026-0337.html"
},
{
"category": "external",
"summary": "Progress Knowledge Base vom 2026-01-08",
"url": "https://community.progress.com/s/article/Is-WS-FTP-Server-version-2025-vulnerable-to-CVE-2025-9232"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:0337 vom 2026-01-14",
"url": "https://errata.build.resf.org/RLSA-2026:0337"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0420 vom 2026-01-14",
"url": "https://access.redhat.com/errata/RHSA-2026:0420"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0602 vom 2026-01-14",
"url": "https://access.redhat.com/errata/RHSA-2026:0602"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-50008 vom 2026-01-15",
"url": "https://linux.oracle.com/errata/ELSA-2026-50008.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0714 vom 2026-01-15",
"url": "https://access.redhat.com/errata/RHSA-2026:0714"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0332 vom 2026-01-15",
"url": "https://access.redhat.com/errata/RHSA-2026:0332"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0794 vom 2026-01-19",
"url": "https://access.redhat.com/errata/RHSA-2026:0794"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0887 vom 2026-01-20",
"url": "https://access.redhat.com/errata/RHSA-2026:0887"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0950 vom 2026-01-22",
"url": "https://access.redhat.com/errata/RHSA-2026:0950"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0702 vom 2026-01-22",
"url": "https://access.redhat.com/errata/RHSA-2026:0702"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0674 vom 2026-01-22",
"url": "https://access.redhat.com/errata/RHSA-2026:0674"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:1349 vom 2026-01-27",
"url": "https://access.redhat.com/errata/RHSA-2026:1349"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:1475 vom 2026-01-28",
"url": "https://access.redhat.com/errata/RHSA-2026:1475"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:1652 vom 2026-02-02",
"url": "https://access.redhat.com/errata/RHSA-2026:1652"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-50080 vom 2026-01-30",
"url": "https://linux.oracle.com/errata/ELSA-2026-50080.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-50081 vom 2026-01-30",
"url": "https://linux.oracle.com/errata/ELSA-2026-50081.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:1720 vom 2026-02-02",
"url": "https://access.redhat.com/errata/RHSA-2026:1720"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-50077 vom 2026-02-02",
"url": "https://linux.oracle.com/errata/ELSA-2026-50077.html"
},
{
"category": "external",
"summary": "F5 Security Advisory K000159887 vom 2026-02-06",
"url": "https://my.f5.com/manage/s/article/K000159887"
},
{
"category": "external",
"summary": "SolarWinds Platform 2026.1 release notes vom 2026-02-10",
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2026-1_release_notes.htm"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-1720 vom 2026-02-13",
"url": "https://linux.oracle.com/errata/ELSA-2026-1720.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2776 vom 2026-02-17",
"url": "https://access.redhat.com/errata/RHSA-2026:2776"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2771 vom 2026-02-17",
"url": "https://access.redhat.com/errata/RHSA-2026:2771"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20418-1 vom 2026-02-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024331.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-2776 vom 2026-02-17",
"url": "https://linux.oracle.com/errata/ELSA-2026-2776.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-50114 vom 2026-02-17",
"url": "https://linux.oracle.com/errata/ELSA-2026-50114.html"
},
{
"category": "external",
"summary": "Splunk Security Advisory SVD-2026-0210 vom 2026-02-18",
"url": "https://advisory.splunk.com//advisories/SVD-2026-0210"
},
{
"category": "external",
"summary": "Splunk Security Advisory SVD-2026-0211 vom 2026-02-18",
"url": "https://advisory.splunk.com//advisories/SVD-2026-0211"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2994 vom 2026-02-23",
"url": "https://access.redhat.com/errata/RHSA-2026:2994"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2995 vom 2026-02-23",
"url": "https://access.redhat.com/errata/RHSA-2026:2995"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-3042 vom 2026-02-24",
"url": "https://linux.oracle.com/errata/ELSA-2026-3042.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:3164 vom 2026-02-24",
"url": "https://access.redhat.com/errata/RHSA-2026:3164"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:2776 vom 2026-02-24",
"url": "https://errata.build.resf.org/RLSA-2026:2776"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2026:10237-1 vom 2026-02-24",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4WRV4ISEUKTVWATBUIO2SUY7JFPFBQ7F/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2974 vom 2026-02-26",
"url": "https://access.redhat.com/errata/RHSA-2026:2974"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-50131 vom 2026-02-27",
"url": "https://linux.oracle.com/errata/ELSA-2026-50131.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:3462 vom 2026-02-27",
"url": "https://access.redhat.com/errata/RHSA-2026:3462"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:3461 vom 2026-02-27",
"url": "https://access.redhat.com/errata/RHSA-2026:3461"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:3415 vom 2026-03-05",
"url": "https://access.redhat.com/errata/RHSA-2026:3415"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20542-1 vom 2026-03-05",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024594.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20607-1 vom 2026-03-05",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024609.html"
},
{
"category": "external",
"summary": "Xerox Security Bulletin XRX26-009",
"url": "https://security.business.xerox.com/wp-content/uploads/2026/03/Xerox-Security-Bulletin-XRX26-009-for-Xerox-FreeFlow-Print-Server-v9.pdf"
}
],
"source_lang": "en-US",
"title": "OpenSSL und LibreSSL: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-03-08T23:00:00.000+00:00",
"generator": {
"date": "2026-03-09T08:26:48.653+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2025-2166",
"initial_release_date": "2025-09-30T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-09-30T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-10-01T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2025-10-05T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2025-10-06T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-10-09T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-10-12T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-10-13T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von IGEL aufgenommen"
},
{
"date": "2025-10-14T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2025-10-19T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-10-20T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2025-10-23T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-10-27T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-10-30T23:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-11-03T23:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-11-04T23:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2025-11-12T23:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-11-17T23:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-11-18T23:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-11-19T23:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-11-24T23:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-11-25T23:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2025-11-26T23:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2025-11-27T23:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von Meinberg aufgenommen"
},
{
"date": "2025-12-01T23:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
},
{
"date": "2025-12-03T23:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Fedora und Oracle Linux aufgenommen"
},
{
"date": "2025-12-07T23:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-12-08T23:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-12-09T23:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2025-12-10T23:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von IBM und Red Hat aufgenommen"
},
{
"date": "2025-12-15T23:00:00.000+00:00",
"number": "30",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-12-16T23:00:00.000+00:00",
"number": "31",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-12-17T23:00:00.000+00:00",
"number": "32",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2025-12-18T23:00:00.000+00:00",
"number": "33",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-12-22T23:00:00.000+00:00",
"number": "34",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2025-12-29T23:00:00.000+00:00",
"number": "35",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2026-01-05T23:00:00.000+00:00",
"number": "36",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2026-01-08T23:00:00.000+00:00",
"number": "37",
"summary": "Neue Updates von Red Hat aufgenommen; Progress WS_FTP nicht betroffen"
},
{
"date": "2026-01-13T23:00:00.000+00:00",
"number": "38",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2026-01-14T23:00:00.000+00:00",
"number": "39",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-01-15T23:00:00.000+00:00",
"number": "40",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-01-18T23:00:00.000+00:00",
"number": "41",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-01-20T23:00:00.000+00:00",
"number": "42",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-01-21T23:00:00.000+00:00",
"number": "43",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-01-22T23:00:00.000+00:00",
"number": "44",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-01-27T23:00:00.000+00:00",
"number": "45",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-02-01T23:00:00.000+00:00",
"number": "46",
"summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
},
{
"date": "2026-02-02T23:00:00.000+00:00",
"number": "47",
"summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
},
{
"date": "2026-02-08T23:00:00.000+00:00",
"number": "48",
"summary": "Neue Updates von F5 aufgenommen"
},
{
"date": "2026-02-09T23:00:00.000+00:00",
"number": "49",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2026-02-12T23:00:00.000+00:00",
"number": "50",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2026-02-16T23:00:00.000+00:00",
"number": "51",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-02-17T23:00:00.000+00:00",
"number": "52",
"summary": "Neue Updates von Red Hat, SUSE und Oracle Linux aufgenommen"
},
{
"date": "2026-02-18T23:00:00.000+00:00",
"number": "53",
"summary": "Neue Updates von Splunk-SVD aufgenommen"
},
{
"date": "2026-02-23T23:00:00.000+00:00",
"number": "54",
"summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
},
{
"date": "2026-02-24T23:00:00.000+00:00",
"number": "55",
"summary": "Neue Updates von Rocky Enterprise Software Foundation und openSUSE aufgenommen"
},
{
"date": "2026-02-26T23:00:00.000+00:00",
"number": "56",
"summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
},
{
"date": "2026-03-01T23:00:00.000+00:00",
"number": "57",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-03-04T23:00:00.000+00:00",
"number": "58",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-03-05T23:00:00.000+00:00",
"number": "59",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-03-08T23:00:00.000+00:00",
"number": "60",
"summary": "Neue Updates aufgenommen"
}
],
"status": "final",
"version": "60"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "Appliance \u003c5.32.00.18",
"product": {
"name": "Dell Secure Connect Gateway Appliance \u003c5.32.00.18",
"product_id": "T048301"
}
},
{
"category": "product_version",
"name": "Appliance 5.32.00.18",
"product": {
"name": "Dell Secure Connect Gateway Appliance 5.32.00.18",
"product_id": "T048301-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:secure_connect_gateway:appliance__5.32.00.18"
}
}
}
],
"category": "product_name",
"name": "Secure Connect Gateway"
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"category": "product_name",
"name": "F5 BIG-IP",
"product": {
"name": "F5 BIG-IP",
"product_id": "T042765",
"product_identification_helper": {
"cpe": "cpe:/a:f5:big-ip:-"
}
}
}
],
"category": "vendor",
"name": "F5"
},
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"category": "product_name",
"name": "FreeBSD Project FreeBSD OS",
"product": {
"name": "FreeBSD Project FreeBSD OS",
"product_id": "4035",
"product_identification_helper": {
"cpe": "cpe:/o:freebsd:freebsd:-"
}
}
}
],
"category": "vendor",
"name": "FreeBSD Project"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "7.3",
"product": {
"name": "IBM AIX 7.3",
"product_id": "1139691",
"product_identification_helper": {
"cpe": "cpe:/o:ibm:aix:7.3"
}
}
},
{
"category": "product_version",
"name": "7.2",
"product": {
"name": "IBM AIX 7.2",
"product_id": "434967",
"product_identification_helper": {
"cpe": "cpe:/o:ibm:aix:7.2"
}
}
}
],
"category": "product_name",
"name": "AIX"
},
{
"category": "product_name",
"name": "IBM App Connect Enterprise",
"product": {
"name": "IBM App Connect Enterprise",
"product_id": "T032495",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9.1.0.10",
"product": {
"name": "IBM DevOps Code ClearCase \u003c9.1.0.10",
"product_id": "T048741"
}
},
{
"category": "product_version",
"name": "9.1.0.10",
"product": {
"name": "IBM DevOps Code ClearCase 9.1.0.10",
"product_id": "T048741-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:devops_code_clearcase:9.1.0.10"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.0.1.05",
"product": {
"name": "IBM DevOps Code ClearCase \u003c10.0.1.05",
"product_id": "T048742"
}
},
{
"category": "product_version",
"name": "10.0.1.05",
"product": {
"name": "IBM DevOps Code ClearCase 10.0.1.05",
"product_id": "T048742-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:devops_code_clearcase:10.0.1.05"
}
}
},
{
"category": "product_version_range",
"name": "\u003c11.0.0.05",
"product": {
"name": "IBM DevOps Code ClearCase \u003c11.0.0.05",
"product_id": "T048743"
}
},
{
"category": "product_version",
"name": "11.0.0.05",
"product": {
"name": "IBM DevOps Code ClearCase 11.0.0.05",
"product_id": "T048743-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:devops_code_clearcase:11.0.0.05"
}
}
}
],
"category": "product_name",
"name": "DevOps Code ClearCase"
},
{
"branches": [
{
"category": "product_version",
"name": "Operator",
"product": {
"name": "IBM MQ Operator",
"product_id": "T036688",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:mq:operator"
}
}
},
{
"category": "product_version",
"name": "Container",
"product": {
"name": "IBM MQ Container",
"product_id": "T040640",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:mq:container"
}
}
}
],
"category": "product_name",
"name": "MQ"
},
{
"branches": [
{
"category": "product_version",
"name": "3.1",
"product": {
"name": "IBM VIOS 3.1",
"product_id": "1039165",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:vios:3.1"
}
}
},
{
"category": "product_version",
"name": "4.1",
"product": {
"name": "IBM VIOS 4.1",
"product_id": "1522854",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:vios:4.1"
}
}
}
],
"category": "product_name",
"name": "VIOS"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c11.11.100",
"product": {
"name": "IGEL OS \u003c11.11.100",
"product_id": "T043218"
}
},
{
"category": "product_version",
"name": "11.11.100",
"product": {
"name": "IGEL OS 11.11.100",
"product_id": "T043218-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:igel:os:11.11.100"
}
}
},
{
"category": "product_version_range",
"name": "\u003c12.7.4",
"product": {
"name": "IGEL OS \u003c12.7.4",
"product_id": "T047577"
}
},
{
"category": "product_version",
"name": "12.7.4",
"product": {
"name": "IGEL OS 12.7.4",
"product_id": "T047577-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:igel:os:12.7.4"
}
}
}
],
"category": "product_name",
"name": "OS"
}
],
"category": "vendor",
"name": "IGEL"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.10.004",
"product": {
"name": "Meinberg LANTIME \u003c7.10.004",
"product_id": "T048945"
}
},
{
"category": "product_version",
"name": "7.10.004",
"product": {
"name": "Meinberg LANTIME 7.10.004",
"product_id": "T048945-fixed",
"product_identification_helper": {
"cpe": "cpe:/h:meinberg:lantime:7.10.004"
}
}
}
],
"category": "product_name",
"name": "LANTIME"
}
],
"category": "vendor",
"name": "Meinberg"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.0.1",
"product": {
"name": "Open Source LibreSSL \u003c4.0.1",
"product_id": "T047309"
}
},
{
"category": "product_version",
"name": "4.0.1",
"product": {
"name": "Open Source LibreSSL 4.0.1",
"product_id": "T047309-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:openbsd:libressl:4.0.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c4.1.1",
"product": {
"name": "Open Source LibreSSL \u003c4.1.1",
"product_id": "T047310"
}
},
{
"category": "product_version",
"name": "4.1.1",
"product": {
"name": "Open Source LibreSSL 4.1.1",
"product_id": "T047310-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:openbsd:libressl:4.1.1"
}
}
}
],
"category": "product_name",
"name": "LibreSSL"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c3.5.4",
"product": {
"name": "Open Source OpenSSL \u003c3.5.4",
"product_id": "T047302"
}
},
{
"category": "product_version",
"name": "3.5.4",
"product": {
"name": "Open Source OpenSSL 3.5.4",
"product_id": "T047302-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:openssl:openssl:3.5.4"
}
}
},
{
"category": "product_version_range",
"name": "\u003c3.4.3",
"product": {
"name": "Open Source OpenSSL \u003c3.4.3",
"product_id": "T047303"
}
},
{
"category": "product_version",
"name": "3.4.3",
"product": {
"name": "Open Source OpenSSL 3.4.3",
"product_id": "T047303-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:openssl:openssl:3.4.3"
}
}
},
{
"category": "product_version_range",
"name": "\u003c3.3.5",
"product": {
"name": "Open Source OpenSSL \u003c3.3.5",
"product_id": "T047304"
}
},
{
"category": "product_version",
"name": "3.3.5",
"product": {
"name": "Open Source OpenSSL 3.3.5",
"product_id": "T047304-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:openssl:openssl:3.3.5"
}
}
},
{
"category": "product_version_range",
"name": "\u003c3.2.6",
"product": {
"name": "Open Source OpenSSL \u003c3.2.6",
"product_id": "T047305"
}
},
{
"category": "product_version",
"name": "3.2.6",
"product": {
"name": "Open Source OpenSSL 3.2.6",
"product_id": "T047305-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:openssl:openssl:3.2.6"
}
}
},
{
"category": "product_version_range",
"name": "\u003c3.0.18",
"product": {
"name": "Open Source OpenSSL \u003c3.0.18",
"product_id": "T047306"
}
},
{
"category": "product_version",
"name": "3.0.18",
"product": {
"name": "Open Source OpenSSL 3.0.18",
"product_id": "T047306-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:openssl:openssl:3.0.18"
}
}
},
{
"category": "product_version_range",
"name": "\u003c1.1.1zd",
"product": {
"name": "Open Source OpenSSL \u003c1.1.1zd",
"product_id": "T047307"
}
},
{
"category": "product_version",
"name": "1.1.1zd",
"product": {
"name": "Open Source OpenSSL 1.1.1zd",
"product_id": "T047307-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:openssl:openssl:1.1.1zd"
}
}
},
{
"category": "product_version_range",
"name": "\u003c1.0.2zm",
"product": {
"name": "Open Source OpenSSL \u003c1.0.2zm",
"product_id": "T047308"
}
},
{
"category": "product_version",
"name": "1.0.2zm",
"product": {
"name": "Open Source OpenSSL 1.0.2zm",
"product_id": "T047308-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:openssl:openssl:1.0.2zm"
}
}
}
],
"category": "product_name",
"name": "OpenSSL"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "Container Platform \u003c4.14.62",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.14.62",
"product_id": "T051279"
}
},
{
"category": "product_version",
"name": "Container Platform 4.14.62",
"product": {
"name": "Red Hat OpenShift Container Platform 4.14.62",
"product_id": "T051279-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.14.62"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2026.1",
"product": {
"name": "SolarWinds Platform \u003c2026.1",
"product_id": "T050624"
}
},
{
"category": "product_version",
"name": "2026.1",
"product": {
"name": "SolarWinds Platform 2026.1",
"product_id": "T050624-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:solarwinds:orion_platform:2026.1"
}
}
}
],
"category": "product_name",
"name": "Platform"
}
],
"category": "vendor",
"name": "SolarWinds"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.2.0",
"product": {
"name": "Splunk Splunk Enterprise \u003c10.2.0",
"product_id": "T050416"
}
},
{
"category": "product_version",
"name": "10.2.0",
"product": {
"name": "Splunk Splunk Enterprise 10.2.0",
"product_id": "T050416-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:10.2.0"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.0.3",
"product": {
"name": "Splunk Splunk Enterprise \u003c10.0.3",
"product_id": "T050417"
}
},
{
"category": "product_version",
"name": "10.0.3",
"product": {
"name": "Splunk Splunk Enterprise 10.0.3",
"product_id": "T050417-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:10.0.3"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.3.9",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.3.9",
"product_id": "T050419"
}
},
{
"category": "product_version",
"name": "9.3.9",
"product": {
"name": "Splunk Splunk Enterprise 9.3.9",
"product_id": "T050419-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.3.9"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.2.12",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.2.12",
"product_id": "T050420"
}
},
{
"category": "product_version",
"name": "9.2.12",
"product": {
"name": "Splunk Splunk Enterprise 9.2.12",
"product_id": "T050420-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.2.12"
}
}
},
{
"category": "product_version",
"name": "Universal Forwarder",
"product": {
"name": "Splunk Splunk Enterprise Universal Forwarder",
"product_id": "T050995",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:universal_forwarder"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.4.8",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.4.8",
"product_id": "T050996"
}
},
{
"category": "product_version",
"name": "9.4.8",
"product": {
"name": "Splunk Splunk Enterprise 9.4.8",
"product_id": "T050996-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.4.8"
}
}
}
],
"category": "product_name",
"name": "Splunk Enterprise"
}
],
"category": "vendor",
"name": "Splunk"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9.0 SP-3 (93.M3.14.86)",
"product": {
"name": "Xerox FreeFlow Print Server \u003c9.0 SP-3 (93.M3.14.86)",
"product_id": "T051478"
}
},
{
"category": "product_version",
"name": "9.0 SP-3 (93.M3.14.86)",
"product": {
"name": "Xerox FreeFlow Print Server 9.0 SP-3 (93.M3.14.86)",
"product_id": "T051478-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:xerox:freeflow_print_server:9.0_sp-3_%2893.m3.14.86%29"
}
}
}
],
"category": "product_name",
"name": "FreeFlow Print Server"
}
],
"category": "vendor",
"name": "Xerox"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-9230",
"product_status": {
"known_affected": [
"67646",
"4035",
"T050996",
"T036688",
"T050995",
"T004914",
"1139691",
"T047306",
"T047307",
"T047304",
"T047305",
"T050624",
"T047308",
"T047309",
"398363",
"T047302",
"T047303",
"434967",
"1039165",
"T051478",
"1522854",
"T051279",
"T032255",
"74185",
"T050420",
"T032495",
"T050419",
"T048945",
"2951",
"T002207",
"T042765",
"T000126",
"T043218",
"T050417",
"T050416",
"T027843",
"T047310",
"T047577",
"T040640",
"T048743",
"T048742",
"T048301",
"T048741"
]
},
"release_date": "2025-09-30T22:00:00.000+00:00",
"title": "CVE-2025-9230"
},
{
"cve": "CVE-2025-9231",
"product_status": {
"known_affected": [
"67646",
"4035",
"T050996",
"T036688",
"T050995",
"T004914",
"1139691",
"T047304",
"T047305",
"T050624",
"398363",
"T047302",
"T047303",
"434967",
"1039165",
"T051478",
"1522854",
"T051279",
"T032255",
"74185",
"T050420",
"T032495",
"T050419",
"T048945",
"2951",
"T002207",
"T042765",
"T000126",
"T043218",
"T050417",
"T050416",
"T027843",
"T047577",
"T040640",
"T048743",
"T048742",
"T048301",
"T048741"
]
},
"release_date": "2025-09-30T22:00:00.000+00:00",
"title": "CVE-2025-9231"
},
{
"cve": "CVE-2025-9232",
"product_status": {
"known_affected": [
"67646",
"4035",
"T050996",
"T036688",
"T050995",
"T004914",
"1139691",
"T047306",
"T047304",
"T047305",
"T050624",
"398363",
"T047302",
"T047303",
"434967",
"1039165",
"T051478",
"1522854",
"T051279",
"T032255",
"74185",
"T050420",
"T032495",
"T050419",
"T048945",
"2951",
"T002207",
"T042765",
"T000126",
"T043218",
"T050417",
"T050416",
"T027843",
"T047577",
"T040640",
"T048743",
"T048742",
"T048301",
"T048741"
]
},
"release_date": "2025-09-30T22:00:00.000+00:00",
"title": "CVE-2025-9232"
}
]
}
WID-SEC-W-2026-0168
Vulnerability from csaf_certbund - Published: 2026-01-20 23:00 - Updated: 2026-03-26 23:00Summary
Oracle MySQL: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: MySQL ist ein Open Source Datenbankserver von Oracle.
Angriff: Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle MySQL ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme: - Linux
- UNIX
- Windows
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=8.4.7
Oracle / MySQL
|
<=8.4.7 | ||
|
Oracle MySQL <=9.5.0
Oracle / MySQL
|
<=9.5.0 | ||
|
Oracle MySQL <=9.4.0
Oracle / MySQL
|
<=9.4.0 | ||
|
Oracle MySQL <=7.6.36
Oracle / MySQL
|
<=7.6.36 | ||
|
Oracle MySQL <=8.0.45
Oracle / MySQL
|
<=8.0.45 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=8.4.7
Oracle / MySQL
|
<=8.4.7 | ||
|
Oracle MySQL <=9.5.0
Oracle / MySQL
|
<=9.5.0 | ||
|
Oracle MySQL <=9.4.0
Oracle / MySQL
|
<=9.4.0 | ||
|
Oracle MySQL <=7.6.36
Oracle / MySQL
|
<=7.6.36 | ||
|
Oracle MySQL <=8.0.45
Oracle / MySQL
|
<=8.0.45 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=8.4.7
Oracle / MySQL
|
<=8.4.7 | ||
|
Oracle MySQL <=9.5.0
Oracle / MySQL
|
<=9.5.0 | ||
|
Oracle MySQL <=9.4.0
Oracle / MySQL
|
<=9.4.0 | ||
|
Oracle MySQL <=7.6.36
Oracle / MySQL
|
<=7.6.36 | ||
|
Oracle MySQL <=8.0.45
Oracle / MySQL
|
<=8.0.45 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=8.4.7
Oracle / MySQL
|
<=8.4.7 | ||
|
Oracle MySQL <=9.5.0
Oracle / MySQL
|
<=9.5.0 | ||
|
Oracle MySQL <=9.4.0
Oracle / MySQL
|
<=9.4.0 | ||
|
Oracle MySQL <=7.6.36
Oracle / MySQL
|
<=7.6.36 | ||
|
Oracle MySQL <=8.0.45
Oracle / MySQL
|
<=8.0.45 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=8.4.7
Oracle / MySQL
|
<=8.4.7 | ||
|
Oracle MySQL <=9.5.0
Oracle / MySQL
|
<=9.5.0 | ||
|
Oracle MySQL <=9.4.0
Oracle / MySQL
|
<=9.4.0 | ||
|
Oracle MySQL <=7.6.36
Oracle / MySQL
|
<=7.6.36 | ||
|
Oracle MySQL <=8.0.45
Oracle / MySQL
|
<=8.0.45 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=8.4.7
Oracle / MySQL
|
<=8.4.7 | ||
|
Oracle MySQL <=9.5.0
Oracle / MySQL
|
<=9.5.0 | ||
|
Oracle MySQL <=9.4.0
Oracle / MySQL
|
<=9.4.0 | ||
|
Oracle MySQL <=7.6.36
Oracle / MySQL
|
<=7.6.36 | ||
|
Oracle MySQL <=8.0.45
Oracle / MySQL
|
<=8.0.45 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=8.4.7
Oracle / MySQL
|
<=8.4.7 | ||
|
Oracle MySQL <=9.5.0
Oracle / MySQL
|
<=9.5.0 | ||
|
Oracle MySQL <=9.4.0
Oracle / MySQL
|
<=9.4.0 | ||
|
Oracle MySQL <=7.6.36
Oracle / MySQL
|
<=7.6.36 | ||
|
Oracle MySQL <=8.0.45
Oracle / MySQL
|
<=8.0.45 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=8.4.7
Oracle / MySQL
|
<=8.4.7 | ||
|
Oracle MySQL <=9.5.0
Oracle / MySQL
|
<=9.5.0 | ||
|
Oracle MySQL <=9.4.0
Oracle / MySQL
|
<=9.4.0 | ||
|
Oracle MySQL <=7.6.36
Oracle / MySQL
|
<=7.6.36 | ||
|
Oracle MySQL <=8.0.45
Oracle / MySQL
|
<=8.0.45 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=8.4.7
Oracle / MySQL
|
<=8.4.7 | ||
|
Oracle MySQL <=9.5.0
Oracle / MySQL
|
<=9.5.0 | ||
|
Oracle MySQL <=9.4.0
Oracle / MySQL
|
<=9.4.0 | ||
|
Oracle MySQL <=7.6.36
Oracle / MySQL
|
<=7.6.36 | ||
|
Oracle MySQL <=8.0.45
Oracle / MySQL
|
<=8.0.45 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=8.4.7
Oracle / MySQL
|
<=8.4.7 | ||
|
Oracle MySQL <=9.5.0
Oracle / MySQL
|
<=9.5.0 | ||
|
Oracle MySQL <=9.4.0
Oracle / MySQL
|
<=9.4.0 | ||
|
Oracle MySQL <=7.6.36
Oracle / MySQL
|
<=7.6.36 | ||
|
Oracle MySQL <=8.0.45
Oracle / MySQL
|
<=8.0.45 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=8.4.7
Oracle / MySQL
|
<=8.4.7 | ||
|
Oracle MySQL <=9.5.0
Oracle / MySQL
|
<=9.5.0 | ||
|
Oracle MySQL <=9.4.0
Oracle / MySQL
|
<=9.4.0 | ||
|
Oracle MySQL <=7.6.36
Oracle / MySQL
|
<=7.6.36 | ||
|
Oracle MySQL <=8.0.45
Oracle / MySQL
|
<=8.0.45 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=8.4.7
Oracle / MySQL
|
<=8.4.7 | ||
|
Oracle MySQL <=9.5.0
Oracle / MySQL
|
<=9.5.0 | ||
|
Oracle MySQL <=9.4.0
Oracle / MySQL
|
<=9.4.0 | ||
|
Oracle MySQL <=7.6.36
Oracle / MySQL
|
<=7.6.36 | ||
|
Oracle MySQL <=8.0.45
Oracle / MySQL
|
<=8.0.45 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=8.4.7
Oracle / MySQL
|
<=8.4.7 | ||
|
Oracle MySQL <=9.5.0
Oracle / MySQL
|
<=9.5.0 | ||
|
Oracle MySQL <=9.4.0
Oracle / MySQL
|
<=9.4.0 | ||
|
Oracle MySQL <=7.6.36
Oracle / MySQL
|
<=7.6.36 | ||
|
Oracle MySQL <=8.0.45
Oracle / MySQL
|
<=8.0.45 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=8.4.7
Oracle / MySQL
|
<=8.4.7 | ||
|
Oracle MySQL <=9.5.0
Oracle / MySQL
|
<=9.5.0 | ||
|
Oracle MySQL <=9.4.0
Oracle / MySQL
|
<=9.4.0 | ||
|
Oracle MySQL <=7.6.36
Oracle / MySQL
|
<=7.6.36 | ||
|
Oracle MySQL <=8.0.45
Oracle / MySQL
|
<=8.0.45 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=8.4.7
Oracle / MySQL
|
<=8.4.7 | ||
|
Oracle MySQL <=9.5.0
Oracle / MySQL
|
<=9.5.0 | ||
|
Oracle MySQL <=9.4.0
Oracle / MySQL
|
<=9.4.0 | ||
|
Oracle MySQL <=7.6.36
Oracle / MySQL
|
<=7.6.36 | ||
|
Oracle MySQL <=8.0.45
Oracle / MySQL
|
<=8.0.45 |
References
17 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "MySQL ist ein Open Source Datenbankserver von Oracle.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle MySQL ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0168 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0168.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0168 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0168"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - January 2026 - Appendix Oracle MySQL vom 2026-01-20",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7994-1 vom 2026-02-03",
"url": "https://ubuntu.com/security/notices/USN-7994-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-8006-1 vom 2026-02-04",
"url": "https://ubuntu.com/security/notices/USN-8006-1"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:4162 vom 2026-03-10",
"url": "https://access.redhat.com/errata/RHSA-2026:4162"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-4162 vom 2026-03-10",
"url": "https://linux.oracle.com/errata/ELSA-2026-4162.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:4828 vom 2026-03-18",
"url": "https://errata.build.resf.org/RLSA-2026:4828"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:4828 vom 2026-03-18",
"url": "https://access.redhat.com/errata/RHSA-2026:4828"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-4828 vom 2026-03-18",
"url": "https://linux.oracle.com/errata/ELSA-2026-4828.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:5580 vom 2026-03-24",
"url": "https://access.redhat.com/errata/RHSA-2026:5580"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:5580 vom 2026-03-24",
"url": "https://errata.build.resf.org/RLSA-2026:5580"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:5640 vom 2026-03-24",
"url": "https://access.redhat.com/errata/RHSA-2026:5640"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:5640 vom 2026-03-24",
"url": "https://errata.build.resf.org/RLSA-2026:5640"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-5640 vom 2026-03-26",
"url": "http://linux.oracle.com/errata/ELSA-2026-5640.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-5580 vom 2026-03-27",
"url": "http://linux.oracle.com/errata/ELSA-2026-5580.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-5580 vom 2026-03-26",
"url": "https://linux.oracle.com/errata/ELSA-2026-5580.html"
}
],
"source_lang": "en-US",
"title": "Oracle MySQL: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-03-26T23:00:00.000+00:00",
"generator": {
"date": "2026-03-27T09:43:09.813+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-0168",
"initial_release_date": "2026-01-20T23:00:00.000+00:00",
"revision_history": [
{
"date": "2026-01-20T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-01-21T23:00:00.000+00:00",
"number": "2",
"summary": "Referenz(en) aufgenommen: EUVD-2026-3544"
},
{
"date": "2026-02-02T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2026-02-03T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2026-03-09T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-03-10T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2026-03-17T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Rocky Enterprise Software Foundation und Red Hat aufgenommen"
},
{
"date": "2026-03-18T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2026-03-23T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-03-24T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat und Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2026-03-25T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2026-03-26T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Oracle Linux aufgenommen"
}
],
"status": "final",
"version": "12"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=9.4.0",
"product": {
"name": "Oracle MySQL \u003c=9.4.0",
"product_id": "T047929"
}
},
{
"category": "product_version_range",
"name": "\u003c=9.4.0",
"product": {
"name": "Oracle MySQL \u003c=9.4.0",
"product_id": "T047929-fixed"
}
},
{
"category": "product_version_range",
"name": "\u003c=8.4.7",
"product": {
"name": "Oracle MySQL \u003c=8.4.7",
"product_id": "T050150"
}
},
{
"category": "product_version_range",
"name": "\u003c=8.4.7",
"product": {
"name": "Oracle MySQL \u003c=8.4.7",
"product_id": "T050150-fixed"
}
},
{
"category": "product_version_range",
"name": "\u003c=9.5.0",
"product": {
"name": "Oracle MySQL \u003c=9.5.0",
"product_id": "T050151"
}
},
{
"category": "product_version_range",
"name": "\u003c=9.5.0",
"product": {
"name": "Oracle MySQL \u003c=9.5.0",
"product_id": "T050151-fixed"
}
},
{
"category": "product_version_range",
"name": "\u003c=8.0.45",
"product": {
"name": "Oracle MySQL \u003c=8.0.45",
"product_id": "T050153"
}
},
{
"category": "product_version_range",
"name": "\u003c=8.0.45",
"product": {
"name": "Oracle MySQL \u003c=8.0.45",
"product_id": "T050153-fixed"
}
},
{
"category": "product_version_range",
"name": "\u003c=7.6.36",
"product": {
"name": "Oracle MySQL \u003c=7.6.36",
"product_id": "T050154"
}
},
{
"category": "product_version_range",
"name": "\u003c=7.6.36",
"product": {
"name": "Oracle MySQL \u003c=7.6.36",
"product_id": "T050154-fixed"
}
}
],
"category": "product_name",
"name": "MySQL"
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-65018",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914",
"T032255"
],
"last_affected": [
"T050150",
"T050151",
"T047929",
"T050154",
"T050153"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-65018"
},
{
"cve": "CVE-2025-6965",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914",
"T032255"
],
"last_affected": [
"T050150",
"T050151",
"T047929",
"T050154",
"T050153"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-6965"
},
{
"cve": "CVE-2025-9086",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914",
"T032255"
],
"last_affected": [
"T050150",
"T050151",
"T047929",
"T050154",
"T050153"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-9086"
},
{
"cve": "CVE-2025-9230",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914",
"T032255"
],
"last_affected": [
"T050150",
"T050151",
"T047929",
"T050154",
"T050153"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-9230"
},
{
"cve": "CVE-2026-21929",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914",
"T032255"
],
"last_affected": [
"T050150",
"T050151",
"T047929",
"T050154",
"T050153"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2026-21929"
},
{
"cve": "CVE-2026-21936",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914",
"T032255"
],
"last_affected": [
"T050150",
"T050151",
"T047929",
"T050154",
"T050153"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2026-21936"
},
{
"cve": "CVE-2026-21937",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914",
"T032255"
],
"last_affected": [
"T050150",
"T050151",
"T047929",
"T050154",
"T050153"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2026-21937"
},
{
"cve": "CVE-2026-21941",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914",
"T032255"
],
"last_affected": [
"T050150",
"T050151",
"T047929",
"T050154",
"T050153"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2026-21941"
},
{
"cve": "CVE-2026-21948",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914",
"T032255"
],
"last_affected": [
"T050150",
"T050151",
"T047929",
"T050154",
"T050153"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2026-21948"
},
{
"cve": "CVE-2026-21949",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914",
"T032255"
],
"last_affected": [
"T050150",
"T050151",
"T047929",
"T050154",
"T050153"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2026-21949"
},
{
"cve": "CVE-2026-21950",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914",
"T032255"
],
"last_affected": [
"T050150",
"T050151",
"T047929",
"T050154",
"T050153"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2026-21950"
},
{
"cve": "CVE-2026-21952",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914",
"T032255"
],
"last_affected": [
"T050150",
"T050151",
"T047929",
"T050154",
"T050153"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2026-21952"
},
{
"cve": "CVE-2026-21964",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914",
"T032255"
],
"last_affected": [
"T050150",
"T050151",
"T047929",
"T050154",
"T050153"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2026-21964"
},
{
"cve": "CVE-2026-21965",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914",
"T032255"
],
"last_affected": [
"T050150",
"T050151",
"T047929",
"T050154",
"T050153"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2026-21965"
},
{
"cve": "CVE-2026-21968",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914",
"T032255"
],
"last_affected": [
"T050150",
"T050151",
"T047929",
"T050154",
"T050153"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2026-21968"
}
]
}
WID-SEC-W-2026-0544
Vulnerability from csaf_certbund - Published: 2026-02-26 23:00 - Updated: 2026-03-25 23:00Summary
IBM QRadar SIEM: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: IBM QRadar Security Information and Event Management (SIEM) bietet Unterstützung bei der Erkennung und Priorisierung von Sicherheitsbedrohungen im Unternehmen.
Angriff: Ein Angreifer kann mehrere Schwachstellen in IBM QRadar SIEM ausnutzen, um einen Denial-of-Service-Zustand zu verursachen, Daten zu manipulieren oder andere nicht näher spezifizierte Angriffe durchzuführen, darunter potenzielle Codeausführung oder Speicherbeschädigung.
Betroffene Betriebssysteme: - Sonstiges
- UNIX
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP14 IF05
IBM / QRadar SIEM
|
<7.5.0 UP14 IF05 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP14 IF05
IBM / QRadar SIEM
|
<7.5.0 UP14 IF05 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP14 IF05
IBM / QRadar SIEM
|
<7.5.0 UP14 IF05 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP14 IF05
IBM / QRadar SIEM
|
<7.5.0 UP14 IF05 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP14 IF05
IBM / QRadar SIEM
|
<7.5.0 UP14 IF05 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP14 IF05
IBM / QRadar SIEM
|
<7.5.0 UP14 IF05 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP14 IF05
IBM / QRadar SIEM
|
<7.5.0 UP14 IF05 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP14 IF05
IBM / QRadar SIEM
|
<7.5.0 UP14 IF05 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP14 IF05
IBM / QRadar SIEM
|
<7.5.0 UP14 IF05 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP14 IF05
IBM / QRadar SIEM
|
<7.5.0 UP14 IF05 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP14 IF05
IBM / QRadar SIEM
|
<7.5.0 UP14 IF05 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— |
References
4 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM QRadar Security Information and Event Management (SIEM) bietet Unterst\u00fctzung bei der Erkennung und Priorisierung von Sicherheitsbedrohungen im Unternehmen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in IBM QRadar SIEM ausnutzen, um einen Denial-of-Service-Zustand zu verursachen, Daten zu manipulieren oder andere nicht n\u00e4her spezifizierte Angriffe durchzuf\u00fchren, darunter potenzielle Codeausf\u00fchrung oder Speicherbesch\u00e4digung.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0544 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0544.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0544 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0544"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7261935 vom 2026-02-26",
"url": "https://www.ibm.com/support/pages/node/7261935"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:5813 vom 2026-03-25",
"url": "https://access.redhat.com/errata/RHSA-2026:5813"
}
],
"source_lang": "en-US",
"title": "IBM QRadar SIEM: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-03-25T23:00:00.000+00:00",
"generator": {
"date": "2026-03-26T08:02:15.673+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-0544",
"initial_release_date": "2026-02-26T23:00:00.000+00:00",
"revision_history": [
{
"date": "2026-02-26T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-03-25T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.5.0 UP14 IF05",
"product": {
"name": "IBM QRadar SIEM \u003c7.5.0 UP14 IF05",
"product_id": "T051283"
}
},
{
"category": "product_version",
"name": "7.5.0 UP14 IF05",
"product": {
"name": "IBM QRadar SIEM 7.5.0 UP14 IF05",
"product_id": "T051283-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5.0_up14_if05"
}
}
}
],
"category": "product_name",
"name": "QRadar SIEM"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-53673",
"product_status": {
"known_affected": [
"T051283",
"67646"
]
},
"release_date": "2026-02-26T23:00:00.000+00:00",
"title": "CVE-2023-53673"
},
{
"cve": "CVE-2025-13601",
"product_status": {
"known_affected": [
"T051283",
"67646"
]
},
"release_date": "2026-02-26T23:00:00.000+00:00",
"title": "CVE-2025-13601"
},
{
"cve": "CVE-2025-39993",
"product_status": {
"known_affected": [
"T051283",
"67646"
]
},
"release_date": "2026-02-26T23:00:00.000+00:00",
"title": "CVE-2025-39993"
},
{
"cve": "CVE-2025-40154",
"product_status": {
"known_affected": [
"T051283",
"67646"
]
},
"release_date": "2026-02-26T23:00:00.000+00:00",
"title": "CVE-2025-40154"
},
{
"cve": "CVE-2025-40240",
"product_status": {
"known_affected": [
"T051283",
"67646"
]
},
"release_date": "2026-02-26T23:00:00.000+00:00",
"title": "CVE-2025-40240"
},
{
"cve": "CVE-2025-40248",
"product_status": {
"known_affected": [
"T051283",
"67646"
]
},
"release_date": "2026-02-26T23:00:00.000+00:00",
"title": "CVE-2025-40248"
},
{
"cve": "CVE-2025-40277",
"product_status": {
"known_affected": [
"T051283",
"67646"
]
},
"release_date": "2026-02-26T23:00:00.000+00:00",
"title": "CVE-2025-40277"
},
{
"cve": "CVE-2025-68285",
"product_status": {
"known_affected": [
"T051283",
"67646"
]
},
"release_date": "2026-02-26T23:00:00.000+00:00",
"title": "CVE-2025-68285"
},
{
"cve": "CVE-2025-68615",
"product_status": {
"known_affected": [
"T051283",
"67646"
]
},
"release_date": "2026-02-26T23:00:00.000+00:00",
"title": "CVE-2025-68615"
},
{
"cve": "CVE-2025-68973",
"product_status": {
"known_affected": [
"T051283",
"67646"
]
},
"release_date": "2026-02-26T23:00:00.000+00:00",
"title": "CVE-2025-68973"
},
{
"cve": "CVE-2025-9230",
"product_status": {
"known_affected": [
"T051283",
"67646"
]
},
"release_date": "2026-02-26T23:00:00.000+00:00",
"title": "CVE-2025-9230"
}
]
}
WID-SEC-W-2026-0647
Vulnerability from csaf_certbund - Published: 2026-03-09 23:00 - Updated: 2026-03-09 23:00Summary
SAP Patchday März 2026: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: SAP stellt unternehmensweite Lösungen für Geschäftsprozesse wie Buchführung, Vertrieb, Einkauf und Lagerhaltung zur Verfügung.
Angriff: Ein Angreifer kann mehrere Schwachstellen in SAP Software ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, Cross-Site-Scripting-Angriffe durchzuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen oder andere, nicht näher spezifizierte Angriffe durchzuführen.
Betroffene Betriebssysteme: - Linux
- Sonstiges
- UNIX
- Windows
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
References
3 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "SAP stellt unternehmensweite L\u00f6sungen f\u00fcr Gesch\u00e4ftsprozesse wie Buchf\u00fchrung, Vertrieb, Einkauf und Lagerhaltung zur Verf\u00fcgung.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in SAP Software ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren, Daten zu manipulieren, vertrauliche Informationen offenzulegen oder andere, nicht n\u00e4her spezifizierte Angriffe durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0647 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0647.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0647 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0647"
},
{
"category": "external",
"summary": "March Patch Day Security Notes vom 2026-03-09",
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news/march-2026.html"
}
],
"source_lang": "en-US",
"title": "SAP Patchday M\u00e4rz 2026: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-03-09T23:00:00.000+00:00",
"generator": {
"date": "2026-03-10T11:16:40.584+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-0647",
"initial_release_date": "2026-03-09T23:00:00.000+00:00",
"revision_history": [
{
"date": "2026-03-09T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "SAP Software",
"product": {
"name": "SAP Software",
"product_id": "T051504",
"product_identification_helper": {
"cpe": "cpe:/a:sap:sap:-"
}
}
}
],
"category": "vendor",
"name": "SAP"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-17571",
"product_status": {
"known_affected": [
"T051504"
]
},
"release_date": "2026-03-09T23:00:00.000+00:00",
"title": "CVE-2019-17571"
},
{
"cve": "CVE-2025-9230",
"product_status": {
"known_affected": [
"T051504"
]
},
"release_date": "2026-03-09T23:00:00.000+00:00",
"title": "CVE-2025-9230"
},
{
"cve": "CVE-2025-9232",
"product_status": {
"known_affected": [
"T051504"
]
},
"release_date": "2026-03-09T23:00:00.000+00:00",
"title": "CVE-2025-9232"
},
{
"cve": "CVE-2026-0489",
"product_status": {
"known_affected": [
"T051504"
]
},
"release_date": "2026-03-09T23:00:00.000+00:00",
"title": "CVE-2026-0489"
},
{
"cve": "CVE-2026-24309",
"product_status": {
"known_affected": [
"T051504"
]
},
"release_date": "2026-03-09T23:00:00.000+00:00",
"title": "CVE-2026-24309"
},
{
"cve": "CVE-2026-24310",
"product_status": {
"known_affected": [
"T051504"
]
},
"release_date": "2026-03-09T23:00:00.000+00:00",
"title": "CVE-2026-24310"
},
{
"cve": "CVE-2026-24311",
"product_status": {
"known_affected": [
"T051504"
]
},
"release_date": "2026-03-09T23:00:00.000+00:00",
"title": "CVE-2026-24311"
},
{
"cve": "CVE-2026-24313",
"product_status": {
"known_affected": [
"T051504"
]
},
"release_date": "2026-03-09T23:00:00.000+00:00",
"title": "CVE-2026-24313"
},
{
"cve": "CVE-2026-24316",
"product_status": {
"known_affected": [
"T051504"
]
},
"release_date": "2026-03-09T23:00:00.000+00:00",
"title": "CVE-2026-24316"
},
{
"cve": "CVE-2026-24317",
"product_status": {
"known_affected": [
"T051504"
]
},
"release_date": "2026-03-09T23:00:00.000+00:00",
"title": "CVE-2026-24317"
},
{
"cve": "CVE-2026-27684",
"product_status": {
"known_affected": [
"T051504"
]
},
"release_date": "2026-03-09T23:00:00.000+00:00",
"title": "CVE-2026-27684"
},
{
"cve": "CVE-2026-27685",
"product_status": {
"known_affected": [
"T051504"
]
},
"release_date": "2026-03-09T23:00:00.000+00:00",
"title": "CVE-2026-27685"
},
{
"cve": "CVE-2026-27686",
"product_status": {
"known_affected": [
"T051504"
]
},
"release_date": "2026-03-09T23:00:00.000+00:00",
"title": "CVE-2026-27686"
},
{
"cve": "CVE-2026-27687",
"product_status": {
"known_affected": [
"T051504"
]
},
"release_date": "2026-03-09T23:00:00.000+00:00",
"title": "CVE-2026-27687"
},
{
"cve": "CVE-2026-27688",
"product_status": {
"known_affected": [
"T051504"
]
},
"release_date": "2026-03-09T23:00:00.000+00:00",
"title": "CVE-2026-27688"
},
{
"cve": "CVE-2026-27689",
"product_status": {
"known_affected": [
"T051504"
]
},
"release_date": "2026-03-09T23:00:00.000+00:00",
"title": "CVE-2026-27689"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…