Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-4923 (GCVE-0-2026-4923)
Vulnerability from cvelistv5 – Published: 2026-03-26 19:02 – Updated: 2026-03-27 13:58
VLAI
EPSS
Title
path-to-regexp vulnerable to Regular Expression Denial of Service via multiple wildcards
Summary
Impact:
When using multiple wildcards, combined with at least one parameter, a regular expression can be generated that is vulnerable to ReDoS. This backtracking vulnerability requires the second wildcard to be somewhere other than the end of the path.
Unsafe examples:
/*foo-*bar-:baz
/*a-:b-*c-:d
/x/*a-:b/*c/y
Safe examples:
/*foo-:bar
/*foo-:bar-*baz
Patches:
Upgrade to version 8.4.0.
Workarounds:
If you are using multiple wildcard parameters, you can check the regex output with a tool such as https://makenowjust-labs.github.io/recheck/playground/ to confirm whether a path is vulnerable.
Severity
5.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1333 - Inefficient Regular Expression Complexity
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| path-to-regexp | path-to-regexp |
Affected:
8.0.0 , < 8.4.0
(semver)
Unaffected: 8.4.0 (semver) |
Credits
blakeembrey
UlisesGascon
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4923",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-27T13:46:47.360477Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T13:58:03.925Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/path-to-regexp",
"product": "path-to-regexp",
"vendor": "path-to-regexp",
"versions": [
{
"lessThan": "8.4.0",
"status": "affected",
"version": "8.0.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "8.4.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "remediation developer",
"value": "blakeembrey"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "UlisesGascon"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Impact:\n\nWhen using multiple wildcards, combined with at least one parameter, a regular expression can be generated that is vulnerable to ReDoS. This backtracking vulnerability requires the second wildcard to be somewhere other than the end of the path.\n\nUnsafe examples:\n\n/*foo-*bar-:baz\n/*a-:b-*c-:d\n/x/*a-:b/*c/y\n\nSafe examples:\n\n/*foo-:bar\n/*foo-:bar-*baz\n\nPatches:\n\nUpgrade to version 8.4.0.\n\nWorkarounds:\n\nIf you are using multiple wildcard parameters, you can check the regex output with a tool such as https://makenowjust-labs.github.io/recheck/playground/ to confirm whether a path is vulnerable."
}
],
"value": "Impact:\n\nWhen using multiple wildcards, combined with at least one parameter, a regular expression can be generated that is vulnerable to ReDoS. This backtracking vulnerability requires the second wildcard to be somewhere other than the end of the path.\n\nUnsafe examples:\n\n/*foo-*bar-:baz\n/*a-:b-*c-:d\n/x/*a-:b/*c/y\n\nSafe examples:\n\n/*foo-:bar\n/*foo-:bar-*baz\n\nPatches:\n\nUpgrade to version 8.4.0.\n\nWorkarounds:\n\nIf you are using multiple wildcard parameters, you can check the regex output with a tool such as https://makenowjust-labs.github.io/recheck/playground/ to confirm whether a path is vulnerable."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1333",
"description": "CWE-1333: Inefficient Regular Expression Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T19:02:00.729Z",
"orgId": "ce714d77-add3-4f53-aff5-83d477b104bb",
"shortName": "openjs"
},
"references": [
{
"url": "https://cna.openjsf.org/security-advisories.html"
}
],
"title": "path-to-regexp vulnerable to Regular Expression Denial of Service via multiple wildcards",
"x_generator": {
"engine": "cve-kit 1.0.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ce714d77-add3-4f53-aff5-83d477b104bb",
"assignerShortName": "openjs",
"cveId": "CVE-2026-4923",
"datePublished": "2026-03-26T19:02:00.729Z",
"dateReserved": "2026-03-26T18:05:44.717Z",
"dateUpdated": "2026-03-27T13:58:03.925Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-4923",
"date": "2026-06-12",
"epss": "0.00018",
"percentile": "0.05143"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-4923\",\"sourceIdentifier\":\"ce714d77-add3-4f53-aff5-83d477b104bb\",\"published\":\"2026-03-26T19:17:08.187\",\"lastModified\":\"2026-04-16T18:03:37.620\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Impact:\\n\\nWhen using multiple wildcards, combined with at least one parameter, a regular expression can be generated that is vulnerable to ReDoS. This backtracking vulnerability requires the second wildcard to be somewhere other than the end of the path.\\n\\nUnsafe examples:\\n\\n/*foo-*bar-:baz\\n/*a-:b-*c-:d\\n/x/*a-:b/*c/y\\n\\nSafe examples:\\n\\n/*foo-:bar\\n/*foo-:bar-*baz\\n\\nPatches:\\n\\nUpgrade to version 8.4.0.\\n\\nWorkarounds:\\n\\nIf you are using multiple wildcard parameters, you can check the regex output with a tool such as https://makenowjust-labs.github.io/recheck/playground/ to confirm whether a path is vulnerable.\"},{\"lang\":\"es\",\"value\":\"Impacto:\\n\\nAl usar m\u00faltiples comodines, combinados con al menos un par\u00e1metro, se puede generar una expresi\u00f3n regular que es vulnerable a ReDoS. Esta vulnerabilidad de retroceso requiere que el segundo comod\u00edn est\u00e9 en un lugar distinto al final de la ruta.\\n\\nEjemplos no seguros:\\n\\n/*foo-*bar-:baz\\n/*a-:b-*c-:d\\n/x/*a-:b/*c/y\\n\\nEjemplos seguros:\\n\\n/*foo-:bar\\n/*foo-:bar-*baz\\n\\nParches:\\n\\nActualice a la versi\u00f3n 8.4.0.\\n\\nSoluciones alternativas:\\n\\nSi est\u00e1 utilizando m\u00faltiples par\u00e1metros comod\u00edn, puede verificar la salida de la expresi\u00f3n regular con una herramienta como https://makenowjust-labs.github.io/recheck/playground/ para confirmar si una ruta es vulnerable.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"ce714d77-add3-4f53-aff5-83d477b104bb\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"ce714d77-add3-4f53-aff5-83d477b104bb\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1333\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pillarjs:path-to-regexp:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndExcluding\":\"8.4.0\",\"matchCriteriaId\":\"DB421812-F7E3-4CC5-B02B-53CCBFDFB671\"}]}]}],\"references\":[{\"url\":\"https://cna.openjsf.org/security-advisories.html\",\"source\":\"ce714d77-add3-4f53-aff5-83d477b104bb\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"cna\": {\"title\": \"path-to-regexp vulnerable to Regular Expression Denial of Service via multiple wildcards\", \"credits\": [{\"lang\": \"en\", \"type\": \"remediation developer\", \"value\": \"blakeembrey\"}, {\"lang\": \"en\", \"type\": \"remediation reviewer\", \"value\": \"UlisesGascon\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 5.9, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"path-to-regexp\", \"product\": \"path-to-regexp\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.0.0\", \"lessThan\": \"8.4.0\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"8.4.0\", \"versionType\": \"semver\"}], \"packageURL\": \"pkg:npm/path-to-regexp\", \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://cna.openjsf.org/security-advisories.html\"}], \"x_generator\": {\"engine\": \"cve-kit 1.0.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Impact:\\n\\nWhen using multiple wildcards, combined with at least one parameter, a regular expression can be generated that is vulnerable to ReDoS. This backtracking vulnerability requires the second wildcard to be somewhere other than the end of the path.\\n\\nUnsafe examples:\\n\\n/*foo-*bar-:baz\\n/*a-:b-*c-:d\\n/x/*a-:b/*c/y\\n\\nSafe examples:\\n\\n/*foo-:bar\\n/*foo-:bar-*baz\\n\\nPatches:\\n\\nUpgrade to version 8.4.0.\\n\\nWorkarounds:\\n\\nIf you are using multiple wildcard parameters, you can check the regex output with a tool such as https://makenowjust-labs.github.io/recheck/playground/ to confirm whether a path is vulnerable.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Impact:\\n\\nWhen using multiple wildcards, combined with at least one parameter, a regular expression can be generated that is vulnerable to ReDoS. This backtracking vulnerability requires the second wildcard to be somewhere other than the end of the path.\\n\\nUnsafe examples:\\n\\n/*foo-*bar-:baz\\n/*a-:b-*c-:d\\n/x/*a-:b/*c/y\\n\\nSafe examples:\\n\\n/*foo-:bar\\n/*foo-:bar-*baz\\n\\nPatches:\\n\\nUpgrade to version 8.4.0.\\n\\nWorkarounds:\\n\\nIf you are using multiple wildcard parameters, you can check the regex output with a tool such as https://makenowjust-labs.github.io/recheck/playground/ to confirm whether a path is vulnerable.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1333\", \"description\": \"CWE-1333: Inefficient Regular Expression Complexity\"}]}], \"providerMetadata\": {\"orgId\": \"ce714d77-add3-4f53-aff5-83d477b104bb\", \"shortName\": \"openjs\", \"dateUpdated\": \"2026-03-26T19:02:00.729Z\"}}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-4923\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-27T13:46:47.360477Z\"}}}], \"providerMetadata\": {\"shortName\": \"CISA-ADP\", \"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"dateUpdated\": \"2026-03-27T13:46:51.745Z\"}}]}",
"cveMetadata": "{\"cveId\": \"CVE-2026-4923\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-26T19:02:00.729Z\", \"dateReserved\": \"2026-03-26T18:05:44.717Z\", \"assignerOrgId\": \"ce714d77-add3-4f53-aff5-83d477b104bb\", \"datePublished\": \"2026-03-26T19:02:00.729Z\", \"assignerShortName\": \"openjs\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2026:24841
Vulnerability from csaf_redhat - Published: 2026-06-09 14:38 - Updated: 2026-06-09 19:11Summary
Red Hat Security Advisory: Red Hat Developer Hub 1.10.0 release.
Severity
Moderate
Notes
Topic: Red Hat Developer Hub 1.10.0 has been released.
Details: Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Lodash. An attacker can exploit a prototype pollution vulnerability in the `_.unset` and `_.omit` functions by bypassing a security check. This bypass is achieved by providing array-wrapped path segments, which allows for the deletion of properties from built-in JavaScript prototypes such as `Object.prototype`. This could lead to unexpected application behavior or denial of service.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in path-to-regexp. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by sending a specially crafted request. The issue arises when multiple wildcards are used with parameters in a way that creates a vulnerable regular expression, leading to excessive processing time and system unresponsiveness.
5.9 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in Undici, an HTTP/1.1 client for Node.js. A remote attacker could exploit this vulnerability by sending a specially crafted HTTP response with an unbounded number of links in the decompression chain. This could lead to high CPU usage and excessive memory allocation, resulting in a Denial of Service (DoS) for the affected system.
CWE-770 - Allocation of Resources Without Limits or ThrottlingAffected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64 | — |
Workaround
|
Threats
Impact
Low
A flaw was found in Underscore.js, a JavaScript utility library. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) attack by providing specially crafted recursive data structures. When these structures are processed by the _.flatten or _.isEqual functions, which lack a depth limit for recursion, a stack overflow occurs. This can make the application unavailable to legitimate users.
5.9 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in yauzl (Yet Another Unzip Library), a component used in Node.js applications for handling zip files. A remote attacker can exploit an error in how the library processes specific timestamp information within a crafted zip file. This can lead to a denial of service (DoS), causing affected applications to crash and become unavailable.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64 | — |
Workaround
|
Threats
Impact
Moderate
An allowlist bypass flaw has been discovered in the npm @backstage/plugin-auth-backend package. Instances that have enabled experimental Dynamic Client Registration or Client ID Metadata Documents and configured allowedRedirectUriPatterns are affected. A specially crafted redirect URI can pass the allowlist validation while resolving to an attacker-controlled host. If a victim approves the resulting OAuth consent request, their authorization code is sent to the attacker, who can exchange it for a valid access token. This requires victim interaction and that one of the experimental features is explicitly enabled, which is not the default.
5.9 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in fast-xml-parser. A remote attacker can exploit this vulnerability by providing specially crafted XML input to an application using the affected library. The DocTypeReader component incorrectly processes configuration limits for entity counts and sizes when these limits are explicitly set to zero, bypassing intended restrictions. This oversight allows for unbounded entity expansion, consuming excessive memory and leading to a Denial of Service (DoS) condition, which makes the application unavailable to legitimate users.
5.9 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64 | — |
Workaround
|
Threats
Impact
Moderate
References
62 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Developer Hub 1.10.0 has been released.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Developer Hub (RHDH) is Red Hat\u0027s enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:24841",
"url": "https://access.redhat.com/errata/RHSA-2026:24841"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-22036",
"url": "https://access.redhat.com/security/cve/CVE-2026-22036"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27601",
"url": "https://access.redhat.com/security/cve/CVE-2026-27601"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-2950",
"url": "https://access.redhat.com/security/cve/CVE-2026-2950"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-31988",
"url": "https://access.redhat.com/security/cve/CVE-2026-31988"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32235",
"url": "https://access.redhat.com/security/cve/CVE-2026-32235"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33349",
"url": "https://access.redhat.com/security/cve/CVE-2026-33349"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4923",
"url": "https://access.redhat.com/security/cve/CVE-2026-4923"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh",
"url": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh"
},
{
"category": "external",
"summary": "https://developers.redhat.com/rhdh/overview",
"url": "https://developers.redhat.com/rhdh/overview"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_developer_hub",
"url": "https://docs.redhat.com/en/documentation/red_hat_developer_hub"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHDHBUGS-2870",
"url": "https://issues.redhat.com/browse/RHDHBUGS-2870"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHDHBUGS-2962",
"url": "https://issues.redhat.com/browse/RHDHBUGS-2962"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHDHBUGS-2964",
"url": "https://issues.redhat.com/browse/RHDHBUGS-2964"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHDHBUGS-2965",
"url": "https://issues.redhat.com/browse/RHDHBUGS-2965"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHDHBUGS-2966",
"url": "https://issues.redhat.com/browse/RHDHBUGS-2966"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHDHBUGS-2971",
"url": "https://issues.redhat.com/browse/RHDHBUGS-2971"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHDHBUGS-2974",
"url": "https://issues.redhat.com/browse/RHDHBUGS-2974"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_24841.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Developer Hub 1.10.0 release.",
"tracking": {
"current_release_date": "2026-06-09T19:11:29+00:00",
"generator": {
"date": "2026-06-09T19:11:29+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2026:24841",
"initial_release_date": "2026-06-09T14:38:34+00:00",
"revision_history": [
{
"date": "2026-06-09T14:38:34+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-09T14:38:36+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-09T19:11:29+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Developer Hub 1.10",
"product": {
"name": "Red Hat Developer Hub 1.10",
"product_id": "Red Hat Developer Hub 1.10",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhdh:1.10::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Developer Hub"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-hub-rhel9@sha256%3Ab99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22?arch=amd64\u0026repository_url=registry.redhat.io/rhdh/rhdh-hub-rhel9\u0026tag=1780930740"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-rhel9-operator@sha256%3Ac290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029?arch=amd64\u0026repository_url=registry.redhat.io/rhdh/rhdh-rhel9-operator\u0026tag=1779927546"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-operator-bundle@sha256%3Ab04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db?arch=amd64\u0026repository_url=registry.redhat.io/rhdh/rhdh-operator-bundle\u0026tag=1780961472"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64 as a component of Red Hat Developer Hub 1.10",
"product_id": "Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64 as a component of Red Hat Developer Hub 1.10",
"product_id": "Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64 as a component of Red Hat Developer Hub 1.10",
"product_id": "Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.10"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-2950",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-03-31T20:01:38.424064+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453499"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Lodash. An attacker can exploit a prototype pollution vulnerability in the `_.unset` and `_.omit` functions by bypassing a security check. This bypass is achieved by providing array-wrapped path segments, which allows for the deletion of properties from built-in JavaScript prototypes such as `Object.prototype`. This could lead to unexpected application behavior or denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "lodash: Lodash: Prototype pollution allows deletion of built-in prototype properties via array path bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2950"
},
{
"category": "external",
"summary": "RHBZ#2453499",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453499"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2950",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2950"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2950",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2950"
},
{
"category": "external",
"summary": "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg",
"url": "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg"
}
],
"release_date": "2026-03-31T19:18:35.796000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-09T14:38:34+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:24841"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "lodash: Lodash: Prototype pollution allows deletion of built-in prototype properties via array path bypass"
},
{
"cve": "CVE-2026-4923",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-03-26T20:02:52.199458+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451860"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in path-to-regexp. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by sending a specially crafted request. The issue arises when multiple wildcards are used with parameters in a way that creates a vulnerable regular expression, leading to excessive processing time and system unresponsiveness.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "path-to-regexp: path-to-regexp: Denial of Service via specially crafted paths with multiple wildcards",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4923"
},
{
"category": "external",
"summary": "RHBZ#2451860",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451860"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4923",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4923"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4923",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4923"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
}
],
"release_date": "2026-03-26T19:02:00.729000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-09T14:38:34+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:24841"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "path-to-regexp: path-to-regexp: Denial of Service via specially crafted paths with multiple wildcards"
},
{
"cve": "CVE-2026-22036",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-14T20:01:00.899462+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2429741"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undici, an HTTP/1.1 client for Node.js. A remote attacker could exploit this vulnerability by sending a specially crafted HTTP response with an unbounded number of links in the decompression chain. This could lead to high CPU usage and excessive memory allocation, resulting in a Denial of Service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici: Denial of Service via excessive decompression steps",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat products. The flaw in Undici, an HTTP/1.1 client for Node.js, allows a remote malicious server to trigger a Denial of Service by sending a specially crafted HTTP response with excessive decompression steps. This can lead to high CPU usage and memory allocation on the client system. Red Hat products utilizing Undici that connect to untrusted external HTTP servers are potentially affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22036"
},
{
"category": "external",
"summary": "RHBZ#2429741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429741"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22036",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22036"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22036",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22036"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/b04e3cbb569c1596f86c108e9b52c79d8475dcb3",
"url": "https://github.com/nodejs/undici/commit/b04e3cbb569c1596f86c108e9b52c79d8475dcb3"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-g9mf-h72j-4rw9",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-g9mf-h72j-4rw9"
}
],
"release_date": "2026-01-14T19:07:13.745000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-09T14:38:34+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:24841"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "undici: Undici: Denial of Service via excessive decompression steps"
},
{
"cve": "CVE-2026-27601",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2026-03-03T23:01:58.011378+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2444247"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Underscore.js, a JavaScript utility library. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) attack by providing specially crafted recursive data structures. When these structures are processed by the _.flatten or _.isEqual functions, which lack a depth limit for recursion, a stack overflow occurs. This can make the application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Underscore.js: Underscore.js: Denial of Service via recursive data structures in flatten and isEqual functions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27601"
},
{
"category": "external",
"summary": "RHBZ#2444247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2444247"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27601",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27601"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27601",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27601"
},
{
"category": "external",
"summary": "https://github.com/jashkenas/underscore/commit/411e222eb0ca5d570cc4f6315c02c05b830ed2b4",
"url": "https://github.com/jashkenas/underscore/commit/411e222eb0ca5d570cc4f6315c02c05b830ed2b4"
},
{
"category": "external",
"summary": "https://github.com/jashkenas/underscore/commit/a6e23ae9647461ec33ad9f92a2ecfc220eea0a84",
"url": "https://github.com/jashkenas/underscore/commit/a6e23ae9647461ec33ad9f92a2ecfc220eea0a84"
},
{
"category": "external",
"summary": "https://github.com/jashkenas/underscore/security/advisories/GHSA-qpx9-hpmf-5gmw",
"url": "https://github.com/jashkenas/underscore/security/advisories/GHSA-qpx9-hpmf-5gmw"
}
],
"release_date": "2026-03-03T22:38:38.955000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-09T14:38:34+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:24841"
},
{
"category": "workaround",
"details": "To mitigate this issue, applications utilizing Underscore.js should ensure that any processing of untrusted, recursively structured data with `_.flatten` or `_.isEqual` explicitly enforces a finite depth limit. Review application code to identify and modify calls to these functions, adding appropriate depth parameters to prevent stack overflow conditions. Additionally, input validation should be implemented to sanitize untrusted data before it is processed by Underscore.js functions.",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Underscore.js: Underscore.js: Denial of Service via recursive data structures in flatten and isEqual functions"
},
{
"cve": "CVE-2026-31988",
"cwe": {
"id": "CWE-193",
"name": "Off-by-one Error"
},
"discovery_date": "2026-03-12T00:01:15.619385+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2446882"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in yauzl (Yet Another Unzip Library), a component used in Node.js applications for handling zip files. A remote attacker can exploit an error in how the library processes specific timestamp information within a crafted zip file. This can lead to a denial of service (DoS), causing affected applications to crash and become unavailable.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "yauzl: yauzl: Denial of Service vulnerability in zip file processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Moderate: This flaw in yauzl can lead to a denial of service in Node.js applications that process zip file uploads and specifically call `entry.getLastModDate()` on parsed entries. Red Hat products that utilize the affected `yauzl` library in this manner are susceptible to a process crash when handling a specially crafted zip file containing a malformed NTFS extra field.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-31988"
},
{
"category": "external",
"summary": "RHBZ#2446882",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446882"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-31988",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31988"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-31988",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31988"
},
{
"category": "external",
"summary": "https://github.com/thejoshwolfe/yauzl/commit/c4695215b05c6adffda613b9051a2a85429b33fe",
"url": "https://github.com/thejoshwolfe/yauzl/commit/c4695215b05c6adffda613b9051a2a85429b33fe"
},
{
"category": "external",
"summary": "https://www.codeant.ai/security-research/yauzl-denial-of-service-zip-file-crash",
"url": "https://www.codeant.ai/security-research/yauzl-denial-of-service-zip-file-crash"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/yauzl",
"url": "https://www.npmjs.com/package/yauzl"
},
{
"category": "external",
"summary": "https://www.vulncheck.com/advisories/yauzl-denial-of-service-via-off-by-one-error-in-ntfs-timestamp-parser",
"url": "https://www.vulncheck.com/advisories/yauzl-denial-of-service-via-off-by-one-error-in-ntfs-timestamp-parser"
}
],
"release_date": "2026-03-11T22:58:48.863000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-09T14:38:34+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:24841"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "yauzl: yauzl: Denial of Service vulnerability in zip file processing"
},
{
"cve": "CVE-2026-32235",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"discovery_date": "2026-03-12T19:01:05.406839+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447075"
}
],
"notes": [
{
"category": "description",
"text": "An allowlist bypass flaw has been discovered in the npm @backstage/plugin-auth-backend package. Instances that have enabled experimental Dynamic Client Registration or Client ID Metadata Documents and configured allowedRedirectUriPatterns are affected. A specially crafted redirect URI can pass the allowlist validation while resolving to an attacker-controlled host. If a victim approves the resulting OAuth consent request, their authorization code is sent to the attacker, who can exchange it for a valid access token. This requires victim interaction and that one of the experimental features is explicitly enabled, which is not the default.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "@backstage/plugin-auth-backend: @backstage/plugin-auth-backend: OAuth redirect URI allowlist bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32235"
},
{
"category": "external",
"summary": "RHBZ#2447075",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447075"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32235",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32235"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32235",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32235"
},
{
"category": "external",
"summary": "https://github.com/backstage/backstage/security/advisories/GHSA-wqvh-63mv-9w92",
"url": "https://github.com/backstage/backstage/security/advisories/GHSA-wqvh-63mv-9w92"
}
],
"release_date": "2026-03-12T18:35:06.325000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-09T14:38:34+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:24841"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "@backstage/plugin-auth-backend: @backstage/plugin-auth-backend: OAuth redirect URI allowlist bypass"
},
{
"cve": "CVE-2026-33349",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"discovery_date": "2026-03-24T20:02:32.870828+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450909"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in fast-xml-parser. A remote attacker can exploit this vulnerability by providing specially crafted XML input to an application using the affected library. The DocTypeReader component incorrectly processes configuration limits for entity counts and sizes when these limits are explicitly set to zero, bypassing intended restrictions. This oversight allows for unbounded entity expansion, consuming excessive memory and leading to a Denial of Service (DoS) condition, which makes the application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "fast-xml-parser: fast-xml-parser: Denial of Service via unbounded entity expansion due to incorrect configuration limit handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33349"
},
{
"category": "external",
"summary": "RHBZ#2450909",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450909"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33349",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33349"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33349",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33349"
},
{
"category": "external",
"summary": "https://github.com/NaturalIntelligence/fast-xml-parser/commit/239b64aa1fc5c5455ddebbbb54a187eb68c9fdb7",
"url": "https://github.com/NaturalIntelligence/fast-xml-parser/commit/239b64aa1fc5c5455ddebbbb54a187eb68c9fdb7"
},
{
"category": "external",
"summary": "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-jp2q-39xq-3w4g",
"url": "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-jp2q-39xq-3w4g"
}
],
"release_date": "2026-03-24T19:35:47.908000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-09T14:38:34+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:24841"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "fast-xml-parser: fast-xml-parser: Denial of Service via unbounded entity expansion due to incorrect configuration limit handling"
}
]
}
WID-SEC-W-2026-1407
Vulnerability from csaf_certbund - Published: 2026-05-06 22:00 - Updated: 2026-06-02 22:00Summary
IBM App Connect Enterprise Certified Container: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: IBM App Connect Enterprise kombiniert die branchenbewährten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.
Angriff: Ein Angreifer kann mehrere Schwachstellen in IBM App Connect Enterprise Certified Container ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, Cross-Site-Scripting-Angriffe durchzuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand zu verursachen.
Betroffene Betriebssysteme: - Sonstiges
- UNIX
- Windows
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise 12.0.1.0-12.0.12.25
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.25
|
12.0.1.0-12.0.12.25 | |
|
IBM App Connect Enterprise 13.0.1.0-13.0.7.1
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.7.1
|
13.0.1.0-13.0.7.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM Sterling Connect:Direct Web Services
IBM / Sterling Connect:Direct
|
cpe:/a:ibm:sterling_connect%3adirect:web_services
|
Web Services | |
|
IBM App Connect Enterprise Certified Container Operator <12.0.23
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.23 | ||
|
IBM Maximo Asset Management
IBM
|
cpe:/a:ibm:maximo_asset_management:-
|
— | |
|
IBM App Connect Enterprise Certified Container Operator <13.1.0
IBM / App Connect Enterprise
|
Certified Container Operator <13.1.0 | ||
|
Red Hat Enterprise Linux 9 Multicluster Engine for Kubernetes 2.8.6
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9_multicluster_engine_for_kubernetes_2.8.6
|
9 Multicluster Engine for Kubernetes 2.8.6 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise 12.0.1.0-12.0.12.25
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.25
|
12.0.1.0-12.0.12.25 | |
|
IBM App Connect Enterprise 13.0.1.0-13.0.7.1
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.7.1
|
13.0.1.0-13.0.7.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM Sterling Connect:Direct Web Services
IBM / Sterling Connect:Direct
|
cpe:/a:ibm:sterling_connect%3adirect:web_services
|
Web Services | |
|
IBM App Connect Enterprise Certified Container Operator <12.0.23
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.23 | ||
|
IBM Maximo Asset Management
IBM
|
cpe:/a:ibm:maximo_asset_management:-
|
— | |
|
IBM App Connect Enterprise Certified Container Operator <13.1.0
IBM / App Connect Enterprise
|
Certified Container Operator <13.1.0 | ||
|
Red Hat Enterprise Linux 9 Multicluster Engine for Kubernetes 2.8.6
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9_multicluster_engine_for_kubernetes_2.8.6
|
9 Multicluster Engine for Kubernetes 2.8.6 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise 12.0.1.0-12.0.12.25
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.25
|
12.0.1.0-12.0.12.25 | |
|
IBM App Connect Enterprise 13.0.1.0-13.0.7.1
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.7.1
|
13.0.1.0-13.0.7.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM Sterling Connect:Direct Web Services
IBM / Sterling Connect:Direct
|
cpe:/a:ibm:sterling_connect%3adirect:web_services
|
Web Services | |
|
IBM App Connect Enterprise Certified Container Operator <12.0.23
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.23 | ||
|
IBM Maximo Asset Management
IBM
|
cpe:/a:ibm:maximo_asset_management:-
|
— | |
|
IBM App Connect Enterprise Certified Container Operator <13.1.0
IBM / App Connect Enterprise
|
Certified Container Operator <13.1.0 | ||
|
Red Hat Enterprise Linux 9 Multicluster Engine for Kubernetes 2.8.6
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9_multicluster_engine_for_kubernetes_2.8.6
|
9 Multicluster Engine for Kubernetes 2.8.6 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise 12.0.1.0-12.0.12.25
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.25
|
12.0.1.0-12.0.12.25 | |
|
IBM App Connect Enterprise 13.0.1.0-13.0.7.1
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.7.1
|
13.0.1.0-13.0.7.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM Sterling Connect:Direct Web Services
IBM / Sterling Connect:Direct
|
cpe:/a:ibm:sterling_connect%3adirect:web_services
|
Web Services | |
|
IBM App Connect Enterprise Certified Container Operator <12.0.23
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.23 | ||
|
IBM Maximo Asset Management
IBM
|
cpe:/a:ibm:maximo_asset_management:-
|
— | |
|
IBM App Connect Enterprise Certified Container Operator <13.1.0
IBM / App Connect Enterprise
|
Certified Container Operator <13.1.0 | ||
|
Red Hat Enterprise Linux 9 Multicluster Engine for Kubernetes 2.8.6
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9_multicluster_engine_for_kubernetes_2.8.6
|
9 Multicluster Engine for Kubernetes 2.8.6 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise 12.0.1.0-12.0.12.25
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.25
|
12.0.1.0-12.0.12.25 | |
|
IBM App Connect Enterprise 13.0.1.0-13.0.7.1
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.7.1
|
13.0.1.0-13.0.7.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM Sterling Connect:Direct Web Services
IBM / Sterling Connect:Direct
|
cpe:/a:ibm:sterling_connect%3adirect:web_services
|
Web Services | |
|
IBM App Connect Enterprise Certified Container Operator <12.0.23
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.23 | ||
|
IBM Maximo Asset Management
IBM
|
cpe:/a:ibm:maximo_asset_management:-
|
— | |
|
IBM App Connect Enterprise Certified Container Operator <13.1.0
IBM / App Connect Enterprise
|
Certified Container Operator <13.1.0 | ||
|
Red Hat Enterprise Linux 9 Multicluster Engine for Kubernetes 2.8.6
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9_multicluster_engine_for_kubernetes_2.8.6
|
9 Multicluster Engine for Kubernetes 2.8.6 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise 12.0.1.0-12.0.12.25
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.25
|
12.0.1.0-12.0.12.25 | |
|
IBM App Connect Enterprise 13.0.1.0-13.0.7.1
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.7.1
|
13.0.1.0-13.0.7.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM Sterling Connect:Direct Web Services
IBM / Sterling Connect:Direct
|
cpe:/a:ibm:sterling_connect%3adirect:web_services
|
Web Services | |
|
IBM App Connect Enterprise Certified Container Operator <12.0.23
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.23 | ||
|
IBM Maximo Asset Management
IBM
|
cpe:/a:ibm:maximo_asset_management:-
|
— | |
|
IBM App Connect Enterprise Certified Container Operator <13.1.0
IBM / App Connect Enterprise
|
Certified Container Operator <13.1.0 | ||
|
Red Hat Enterprise Linux 9 Multicluster Engine for Kubernetes 2.8.6
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9_multicluster_engine_for_kubernetes_2.8.6
|
9 Multicluster Engine for Kubernetes 2.8.6 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise 12.0.1.0-12.0.12.25
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.25
|
12.0.1.0-12.0.12.25 | |
|
IBM App Connect Enterprise 13.0.1.0-13.0.7.1
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.7.1
|
13.0.1.0-13.0.7.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM Sterling Connect:Direct Web Services
IBM / Sterling Connect:Direct
|
cpe:/a:ibm:sterling_connect%3adirect:web_services
|
Web Services | |
|
IBM App Connect Enterprise Certified Container Operator <12.0.23
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.23 | ||
|
IBM Maximo Asset Management
IBM
|
cpe:/a:ibm:maximo_asset_management:-
|
— | |
|
IBM App Connect Enterprise Certified Container Operator <13.1.0
IBM / App Connect Enterprise
|
Certified Container Operator <13.1.0 | ||
|
Red Hat Enterprise Linux 9 Multicluster Engine for Kubernetes 2.8.6
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9_multicluster_engine_for_kubernetes_2.8.6
|
9 Multicluster Engine for Kubernetes 2.8.6 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise 12.0.1.0-12.0.12.25
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.25
|
12.0.1.0-12.0.12.25 | |
|
IBM App Connect Enterprise 13.0.1.0-13.0.7.1
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.7.1
|
13.0.1.0-13.0.7.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM Sterling Connect:Direct Web Services
IBM / Sterling Connect:Direct
|
cpe:/a:ibm:sterling_connect%3adirect:web_services
|
Web Services | |
|
IBM App Connect Enterprise Certified Container Operator <12.0.23
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.23 | ||
|
IBM Maximo Asset Management
IBM
|
cpe:/a:ibm:maximo_asset_management:-
|
— | |
|
IBM App Connect Enterprise Certified Container Operator <13.1.0
IBM / App Connect Enterprise
|
Certified Container Operator <13.1.0 | ||
|
Red Hat Enterprise Linux 9 Multicluster Engine for Kubernetes 2.8.6
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9_multicluster_engine_for_kubernetes_2.8.6
|
9 Multicluster Engine for Kubernetes 2.8.6 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise 12.0.1.0-12.0.12.25
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.25
|
12.0.1.0-12.0.12.25 | |
|
IBM App Connect Enterprise 13.0.1.0-13.0.7.1
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.7.1
|
13.0.1.0-13.0.7.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM Sterling Connect:Direct Web Services
IBM / Sterling Connect:Direct
|
cpe:/a:ibm:sterling_connect%3adirect:web_services
|
Web Services | |
|
IBM App Connect Enterprise Certified Container Operator <12.0.23
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.23 | ||
|
IBM Maximo Asset Management
IBM
|
cpe:/a:ibm:maximo_asset_management:-
|
— | |
|
IBM App Connect Enterprise Certified Container Operator <13.1.0
IBM / App Connect Enterprise
|
Certified Container Operator <13.1.0 | ||
|
Red Hat Enterprise Linux 9 Multicluster Engine for Kubernetes 2.8.6
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9_multicluster_engine_for_kubernetes_2.8.6
|
9 Multicluster Engine for Kubernetes 2.8.6 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise 12.0.1.0-12.0.12.25
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.25
|
12.0.1.0-12.0.12.25 | |
|
IBM App Connect Enterprise 13.0.1.0-13.0.7.1
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.7.1
|
13.0.1.0-13.0.7.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM Sterling Connect:Direct Web Services
IBM / Sterling Connect:Direct
|
cpe:/a:ibm:sterling_connect%3adirect:web_services
|
Web Services | |
|
IBM App Connect Enterprise Certified Container Operator <12.0.23
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.23 | ||
|
IBM Maximo Asset Management
IBM
|
cpe:/a:ibm:maximo_asset_management:-
|
— | |
|
IBM App Connect Enterprise Certified Container Operator <13.1.0
IBM / App Connect Enterprise
|
Certified Container Operator <13.1.0 | ||
|
Red Hat Enterprise Linux 9 Multicluster Engine for Kubernetes 2.8.6
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9_multicluster_engine_for_kubernetes_2.8.6
|
9 Multicluster Engine for Kubernetes 2.8.6 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise 12.0.1.0-12.0.12.25
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.25
|
12.0.1.0-12.0.12.25 | |
|
IBM App Connect Enterprise 13.0.1.0-13.0.7.1
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.7.1
|
13.0.1.0-13.0.7.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM Sterling Connect:Direct Web Services
IBM / Sterling Connect:Direct
|
cpe:/a:ibm:sterling_connect%3adirect:web_services
|
Web Services | |
|
IBM App Connect Enterprise Certified Container Operator <12.0.23
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.23 | ||
|
IBM Maximo Asset Management
IBM
|
cpe:/a:ibm:maximo_asset_management:-
|
— | |
|
IBM App Connect Enterprise Certified Container Operator <13.1.0
IBM / App Connect Enterprise
|
Certified Container Operator <13.1.0 | ||
|
Red Hat Enterprise Linux 9 Multicluster Engine for Kubernetes 2.8.6
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9_multicluster_engine_for_kubernetes_2.8.6
|
9 Multicluster Engine for Kubernetes 2.8.6 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise 12.0.1.0-12.0.12.25
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.25
|
12.0.1.0-12.0.12.25 | |
|
IBM App Connect Enterprise 13.0.1.0-13.0.7.1
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.7.1
|
13.0.1.0-13.0.7.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM Sterling Connect:Direct Web Services
IBM / Sterling Connect:Direct
|
cpe:/a:ibm:sterling_connect%3adirect:web_services
|
Web Services | |
|
IBM App Connect Enterprise Certified Container Operator <12.0.23
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.23 | ||
|
IBM Maximo Asset Management
IBM
|
cpe:/a:ibm:maximo_asset_management:-
|
— | |
|
IBM App Connect Enterprise Certified Container Operator <13.1.0
IBM / App Connect Enterprise
|
Certified Container Operator <13.1.0 | ||
|
Red Hat Enterprise Linux 9 Multicluster Engine for Kubernetes 2.8.6
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9_multicluster_engine_for_kubernetes_2.8.6
|
9 Multicluster Engine for Kubernetes 2.8.6 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise 12.0.1.0-12.0.12.25
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.25
|
12.0.1.0-12.0.12.25 | |
|
IBM App Connect Enterprise 13.0.1.0-13.0.7.1
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.7.1
|
13.0.1.0-13.0.7.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM Sterling Connect:Direct Web Services
IBM / Sterling Connect:Direct
|
cpe:/a:ibm:sterling_connect%3adirect:web_services
|
Web Services | |
|
IBM App Connect Enterprise Certified Container Operator <12.0.23
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.23 | ||
|
IBM Maximo Asset Management
IBM
|
cpe:/a:ibm:maximo_asset_management:-
|
— | |
|
IBM App Connect Enterprise Certified Container Operator <13.1.0
IBM / App Connect Enterprise
|
Certified Container Operator <13.1.0 | ||
|
Red Hat Enterprise Linux 9 Multicluster Engine for Kubernetes 2.8.6
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9_multicluster_engine_for_kubernetes_2.8.6
|
9 Multicluster Engine for Kubernetes 2.8.6 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise 12.0.1.0-12.0.12.25
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.25
|
12.0.1.0-12.0.12.25 | |
|
IBM App Connect Enterprise 13.0.1.0-13.0.7.1
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.7.1
|
13.0.1.0-13.0.7.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM Sterling Connect:Direct Web Services
IBM / Sterling Connect:Direct
|
cpe:/a:ibm:sterling_connect%3adirect:web_services
|
Web Services | |
|
IBM App Connect Enterprise Certified Container Operator <12.0.23
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.23 | ||
|
IBM Maximo Asset Management
IBM
|
cpe:/a:ibm:maximo_asset_management:-
|
— | |
|
IBM App Connect Enterprise Certified Container Operator <13.1.0
IBM / App Connect Enterprise
|
Certified Container Operator <13.1.0 | ||
|
Red Hat Enterprise Linux 9 Multicluster Engine for Kubernetes 2.8.6
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9_multicluster_engine_for_kubernetes_2.8.6
|
9 Multicluster Engine for Kubernetes 2.8.6 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise 12.0.1.0-12.0.12.25
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.25
|
12.0.1.0-12.0.12.25 | |
|
IBM App Connect Enterprise 13.0.1.0-13.0.7.1
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.7.1
|
13.0.1.0-13.0.7.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM Sterling Connect:Direct Web Services
IBM / Sterling Connect:Direct
|
cpe:/a:ibm:sterling_connect%3adirect:web_services
|
Web Services | |
|
IBM App Connect Enterprise Certified Container Operator <12.0.23
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.23 | ||
|
IBM Maximo Asset Management
IBM
|
cpe:/a:ibm:maximo_asset_management:-
|
— | |
|
IBM App Connect Enterprise Certified Container Operator <13.1.0
IBM / App Connect Enterprise
|
Certified Container Operator <13.1.0 | ||
|
Red Hat Enterprise Linux 9 Multicluster Engine for Kubernetes 2.8.6
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9_multicluster_engine_for_kubernetes_2.8.6
|
9 Multicluster Engine for Kubernetes 2.8.6 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise 12.0.1.0-12.0.12.25
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.25
|
12.0.1.0-12.0.12.25 | |
|
IBM App Connect Enterprise 13.0.1.0-13.0.7.1
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.7.1
|
13.0.1.0-13.0.7.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM Sterling Connect:Direct Web Services
IBM / Sterling Connect:Direct
|
cpe:/a:ibm:sterling_connect%3adirect:web_services
|
Web Services | |
|
IBM App Connect Enterprise Certified Container Operator <12.0.23
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.23 | ||
|
IBM Maximo Asset Management
IBM
|
cpe:/a:ibm:maximo_asset_management:-
|
— | |
|
IBM App Connect Enterprise Certified Container Operator <13.1.0
IBM / App Connect Enterprise
|
Certified Container Operator <13.1.0 | ||
|
Red Hat Enterprise Linux 9 Multicluster Engine for Kubernetes 2.8.6
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9_multicluster_engine_for_kubernetes_2.8.6
|
9 Multicluster Engine for Kubernetes 2.8.6 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise 12.0.1.0-12.0.12.25
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.25
|
12.0.1.0-12.0.12.25 | |
|
IBM App Connect Enterprise 13.0.1.0-13.0.7.1
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.7.1
|
13.0.1.0-13.0.7.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM Sterling Connect:Direct Web Services
IBM / Sterling Connect:Direct
|
cpe:/a:ibm:sterling_connect%3adirect:web_services
|
Web Services | |
|
IBM App Connect Enterprise Certified Container Operator <12.0.23
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.23 | ||
|
IBM Maximo Asset Management
IBM
|
cpe:/a:ibm:maximo_asset_management:-
|
— | |
|
IBM App Connect Enterprise Certified Container Operator <13.1.0
IBM / App Connect Enterprise
|
Certified Container Operator <13.1.0 | ||
|
Red Hat Enterprise Linux 9 Multicluster Engine for Kubernetes 2.8.6
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9_multicluster_engine_for_kubernetes_2.8.6
|
9 Multicluster Engine for Kubernetes 2.8.6 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise 12.0.1.0-12.0.12.25
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.25
|
12.0.1.0-12.0.12.25 | |
|
IBM App Connect Enterprise 13.0.1.0-13.0.7.1
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.7.1
|
13.0.1.0-13.0.7.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM Sterling Connect:Direct Web Services
IBM / Sterling Connect:Direct
|
cpe:/a:ibm:sterling_connect%3adirect:web_services
|
Web Services | |
|
IBM App Connect Enterprise Certified Container Operator <12.0.23
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.23 | ||
|
IBM Maximo Asset Management
IBM
|
cpe:/a:ibm:maximo_asset_management:-
|
— | |
|
IBM App Connect Enterprise Certified Container Operator <13.1.0
IBM / App Connect Enterprise
|
Certified Container Operator <13.1.0 | ||
|
Red Hat Enterprise Linux 9 Multicluster Engine for Kubernetes 2.8.6
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9_multicluster_engine_for_kubernetes_2.8.6
|
9 Multicluster Engine for Kubernetes 2.8.6 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise 12.0.1.0-12.0.12.25
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.25
|
12.0.1.0-12.0.12.25 | |
|
IBM App Connect Enterprise 13.0.1.0-13.0.7.1
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.7.1
|
13.0.1.0-13.0.7.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM Sterling Connect:Direct Web Services
IBM / Sterling Connect:Direct
|
cpe:/a:ibm:sterling_connect%3adirect:web_services
|
Web Services | |
|
IBM App Connect Enterprise Certified Container Operator <12.0.23
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.23 | ||
|
IBM Maximo Asset Management
IBM
|
cpe:/a:ibm:maximo_asset_management:-
|
— | |
|
IBM App Connect Enterprise Certified Container Operator <13.1.0
IBM / App Connect Enterprise
|
Certified Container Operator <13.1.0 | ||
|
Red Hat Enterprise Linux 9 Multicluster Engine for Kubernetes 2.8.6
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9_multicluster_engine_for_kubernetes_2.8.6
|
9 Multicluster Engine for Kubernetes 2.8.6 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise 12.0.1.0-12.0.12.25
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.25
|
12.0.1.0-12.0.12.25 | |
|
IBM App Connect Enterprise 13.0.1.0-13.0.7.1
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.7.1
|
13.0.1.0-13.0.7.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM Sterling Connect:Direct Web Services
IBM / Sterling Connect:Direct
|
cpe:/a:ibm:sterling_connect%3adirect:web_services
|
Web Services | |
|
IBM App Connect Enterprise Certified Container Operator <12.0.23
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.23 | ||
|
IBM Maximo Asset Management
IBM
|
cpe:/a:ibm:maximo_asset_management:-
|
— | |
|
IBM App Connect Enterprise Certified Container Operator <13.1.0
IBM / App Connect Enterprise
|
Certified Container Operator <13.1.0 | ||
|
Red Hat Enterprise Linux 9 Multicluster Engine for Kubernetes 2.8.6
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9_multicluster_engine_for_kubernetes_2.8.6
|
9 Multicluster Engine for Kubernetes 2.8.6 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise 12.0.1.0-12.0.12.25
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.25
|
12.0.1.0-12.0.12.25 | |
|
IBM App Connect Enterprise 13.0.1.0-13.0.7.1
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.7.1
|
13.0.1.0-13.0.7.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM Sterling Connect:Direct Web Services
IBM / Sterling Connect:Direct
|
cpe:/a:ibm:sterling_connect%3adirect:web_services
|
Web Services | |
|
IBM App Connect Enterprise Certified Container Operator <12.0.23
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.23 | ||
|
IBM Maximo Asset Management
IBM
|
cpe:/a:ibm:maximo_asset_management:-
|
— | |
|
IBM App Connect Enterprise Certified Container Operator <13.1.0
IBM / App Connect Enterprise
|
Certified Container Operator <13.1.0 | ||
|
Red Hat Enterprise Linux 9 Multicluster Engine for Kubernetes 2.8.6
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9_multicluster_engine_for_kubernetes_2.8.6
|
9 Multicluster Engine for Kubernetes 2.8.6 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise 12.0.1.0-12.0.12.25
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.25
|
12.0.1.0-12.0.12.25 | |
|
IBM App Connect Enterprise 13.0.1.0-13.0.7.1
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.7.1
|
13.0.1.0-13.0.7.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM Sterling Connect:Direct Web Services
IBM / Sterling Connect:Direct
|
cpe:/a:ibm:sterling_connect%3adirect:web_services
|
Web Services | |
|
IBM App Connect Enterprise Certified Container Operator <12.0.23
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.23 | ||
|
IBM Maximo Asset Management
IBM
|
cpe:/a:ibm:maximo_asset_management:-
|
— | |
|
IBM App Connect Enterprise Certified Container Operator <13.1.0
IBM / App Connect Enterprise
|
Certified Container Operator <13.1.0 | ||
|
Red Hat Enterprise Linux 9 Multicluster Engine for Kubernetes 2.8.6
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9_multicluster_engine_for_kubernetes_2.8.6
|
9 Multicluster Engine for Kubernetes 2.8.6 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise 12.0.1.0-12.0.12.25
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.25
|
12.0.1.0-12.0.12.25 | |
|
IBM App Connect Enterprise 13.0.1.0-13.0.7.1
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.7.1
|
13.0.1.0-13.0.7.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM Sterling Connect:Direct Web Services
IBM / Sterling Connect:Direct
|
cpe:/a:ibm:sterling_connect%3adirect:web_services
|
Web Services | |
|
IBM App Connect Enterprise Certified Container Operator <12.0.23
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.23 | ||
|
IBM Maximo Asset Management
IBM
|
cpe:/a:ibm:maximo_asset_management:-
|
— | |
|
IBM App Connect Enterprise Certified Container Operator <13.1.0
IBM / App Connect Enterprise
|
Certified Container Operator <13.1.0 | ||
|
Red Hat Enterprise Linux 9 Multicluster Engine for Kubernetes 2.8.6
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9_multicluster_engine_for_kubernetes_2.8.6
|
9 Multicluster Engine for Kubernetes 2.8.6 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise 12.0.1.0-12.0.12.25
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.25
|
12.0.1.0-12.0.12.25 | |
|
IBM App Connect Enterprise 13.0.1.0-13.0.7.1
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.7.1
|
13.0.1.0-13.0.7.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM Sterling Connect:Direct Web Services
IBM / Sterling Connect:Direct
|
cpe:/a:ibm:sterling_connect%3adirect:web_services
|
Web Services | |
|
IBM App Connect Enterprise Certified Container Operator <12.0.23
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.23 | ||
|
IBM Maximo Asset Management
IBM
|
cpe:/a:ibm:maximo_asset_management:-
|
— | |
|
IBM App Connect Enterprise Certified Container Operator <13.1.0
IBM / App Connect Enterprise
|
Certified Container Operator <13.1.0 | ||
|
Red Hat Enterprise Linux 9 Multicluster Engine for Kubernetes 2.8.6
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9_multicluster_engine_for_kubernetes_2.8.6
|
9 Multicluster Engine for Kubernetes 2.8.6 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise 12.0.1.0-12.0.12.25
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.25
|
12.0.1.0-12.0.12.25 | |
|
IBM App Connect Enterprise 13.0.1.0-13.0.7.1
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.7.1
|
13.0.1.0-13.0.7.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM Sterling Connect:Direct Web Services
IBM / Sterling Connect:Direct
|
cpe:/a:ibm:sterling_connect%3adirect:web_services
|
Web Services | |
|
IBM App Connect Enterprise Certified Container Operator <12.0.23
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.23 | ||
|
IBM Maximo Asset Management
IBM
|
cpe:/a:ibm:maximo_asset_management:-
|
— | |
|
IBM App Connect Enterprise Certified Container Operator <13.1.0
IBM / App Connect Enterprise
|
Certified Container Operator <13.1.0 | ||
|
Red Hat Enterprise Linux 9 Multicluster Engine for Kubernetes 2.8.6
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9_multicluster_engine_for_kubernetes_2.8.6
|
9 Multicluster Engine for Kubernetes 2.8.6 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise 12.0.1.0-12.0.12.25
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.25
|
12.0.1.0-12.0.12.25 | |
|
IBM App Connect Enterprise 13.0.1.0-13.0.7.1
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.7.1
|
13.0.1.0-13.0.7.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM Sterling Connect:Direct Web Services
IBM / Sterling Connect:Direct
|
cpe:/a:ibm:sterling_connect%3adirect:web_services
|
Web Services | |
|
IBM App Connect Enterprise Certified Container Operator <12.0.23
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.23 | ||
|
IBM Maximo Asset Management
IBM
|
cpe:/a:ibm:maximo_asset_management:-
|
— | |
|
IBM App Connect Enterprise Certified Container Operator <13.1.0
IBM / App Connect Enterprise
|
Certified Container Operator <13.1.0 | ||
|
Red Hat Enterprise Linux 9 Multicluster Engine for Kubernetes 2.8.6
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9_multicluster_engine_for_kubernetes_2.8.6
|
9 Multicluster Engine for Kubernetes 2.8.6 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise 12.0.1.0-12.0.12.25
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.25
|
12.0.1.0-12.0.12.25 | |
|
IBM App Connect Enterprise 13.0.1.0-13.0.7.1
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.7.1
|
13.0.1.0-13.0.7.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM Sterling Connect:Direct Web Services
IBM / Sterling Connect:Direct
|
cpe:/a:ibm:sterling_connect%3adirect:web_services
|
Web Services | |
|
IBM App Connect Enterprise Certified Container Operator <12.0.23
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.23 | ||
|
IBM Maximo Asset Management
IBM
|
cpe:/a:ibm:maximo_asset_management:-
|
— | |
|
IBM App Connect Enterprise Certified Container Operator <13.1.0
IBM / App Connect Enterprise
|
Certified Container Operator <13.1.0 | ||
|
Red Hat Enterprise Linux 9 Multicluster Engine for Kubernetes 2.8.6
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9_multicluster_engine_for_kubernetes_2.8.6
|
9 Multicluster Engine for Kubernetes 2.8.6 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise 12.0.1.0-12.0.12.25
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.25
|
12.0.1.0-12.0.12.25 | |
|
IBM App Connect Enterprise 13.0.1.0-13.0.7.1
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.7.1
|
13.0.1.0-13.0.7.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM Sterling Connect:Direct Web Services
IBM / Sterling Connect:Direct
|
cpe:/a:ibm:sterling_connect%3adirect:web_services
|
Web Services | |
|
IBM App Connect Enterprise Certified Container Operator <12.0.23
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.23 | ||
|
IBM Maximo Asset Management
IBM
|
cpe:/a:ibm:maximo_asset_management:-
|
— | |
|
IBM App Connect Enterprise Certified Container Operator <13.1.0
IBM / App Connect Enterprise
|
Certified Container Operator <13.1.0 | ||
|
Red Hat Enterprise Linux 9 Multicluster Engine for Kubernetes 2.8.6
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9_multicluster_engine_for_kubernetes_2.8.6
|
9 Multicluster Engine for Kubernetes 2.8.6 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise 12.0.1.0-12.0.12.25
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.25
|
12.0.1.0-12.0.12.25 | |
|
IBM App Connect Enterprise 13.0.1.0-13.0.7.1
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.7.1
|
13.0.1.0-13.0.7.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM Sterling Connect:Direct Web Services
IBM / Sterling Connect:Direct
|
cpe:/a:ibm:sterling_connect%3adirect:web_services
|
Web Services | |
|
IBM App Connect Enterprise Certified Container Operator <12.0.23
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.23 | ||
|
IBM Maximo Asset Management
IBM
|
cpe:/a:ibm:maximo_asset_management:-
|
— | |
|
IBM App Connect Enterprise Certified Container Operator <13.1.0
IBM / App Connect Enterprise
|
Certified Container Operator <13.1.0 | ||
|
Red Hat Enterprise Linux 9 Multicluster Engine for Kubernetes 2.8.6
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9_multicluster_engine_for_kubernetes_2.8.6
|
9 Multicluster Engine for Kubernetes 2.8.6 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
References
12 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM App Connect Enterprise kombiniert die branchenbew\u00e4hrten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in IBM App Connect Enterprise Certified Container ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren, Daten zu manipulieren, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand zu verursachen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-1407 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1407.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-1407 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1407"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7271907 vom 2026-05-06",
"url": "https://www.ibm.com/support/pages/node/7271907"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7271908 vom 2026-05-06",
"url": "https://www.ibm.com/support/pages/node/7271908"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7271910 vom 2026-05-06",
"url": "https://www.ibm.com/support/pages/node/7271910"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-85B819B928 vom 2026-05-08",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-85b819b928"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:17123 vom 2026-05-13",
"url": "https://access.redhat.com/errata/RHSA-2026:17123"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:17449 vom 2026-05-20",
"url": "https://access.redhat.com/errata/RHSA-2026:17449"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7273772 vom 2026-05-22",
"url": "https://www.ibm.com/support/pages/node/7273772"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7274001 vom 2026-05-25",
"url": "https://www.ibm.com/support/pages/node/7274001"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7274746 vom 2026-06-01",
"url": "https://www.ibm.com/support/pages/node/7274746"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7274847 vom 2026-06-02",
"url": "https://www.ibm.com/support/pages/node/7274847"
}
],
"source_lang": "en-US",
"title": "IBM App Connect Enterprise Certified Container: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-06-02T22:00:00.000+00:00",
"generator": {
"date": "2026-06-03T06:13:14.088+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2026-1407",
"initial_release_date": "2026-05-06T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-05-06T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-05-07T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2026-05-14T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-05-20T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-05-21T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von IBM und IBM-APAR aufgenommen"
},
{
"date": "2026-05-25T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2026-06-01T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2026-06-02T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "8"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "Certified Container Operator \u003c13.1.0",
"product": {
"name": "IBM App Connect Enterprise Certified Container Operator \u003c13.1.0",
"product_id": "T053656"
}
},
{
"category": "product_version",
"name": "Certified Container Operator 13.1.0",
"product": {
"name": "IBM App Connect Enterprise Certified Container Operator 13.1.0",
"product_id": "T053656-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:certified_container_operator__13.1.0"
}
}
},
{
"category": "product_version_range",
"name": "Certified Container Operator \u003c12.0.23",
"product": {
"name": "IBM App Connect Enterprise Certified Container Operator \u003c12.0.23",
"product_id": "T053657"
}
},
{
"category": "product_version",
"name": "Certified Container Operator 12.0.23",
"product": {
"name": "IBM App Connect Enterprise Certified Container Operator 12.0.23",
"product_id": "T053657-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:certified_container_operator__12.0.23"
}
}
},
{
"category": "product_version",
"name": "13.0.1.0-13.0.7.1",
"product": {
"name": "IBM App Connect Enterprise 13.0.1.0-13.0.7.1",
"product_id": "T054485",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.7.1"
}
}
},
{
"category": "product_version",
"name": "12.0.1.0-12.0.12.25",
"product": {
"name": "IBM App Connect Enterprise 12.0.1.0-12.0.12.25",
"product_id": "T054486",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.25"
}
}
}
],
"category": "product_name",
"name": "App Connect Enterprise"
},
{
"category": "product_name",
"name": "IBM Maximo Asset Management",
"product": {
"name": "IBM Maximo Asset Management",
"product_id": "T054635",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:maximo_asset_management:-"
}
}
},
{
"category": "product_name",
"name": "IBM QRadar SIEM",
"product": {
"name": "IBM QRadar SIEM",
"product_id": "T021415",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "Web Services",
"product": {
"name": "IBM Sterling Connect:Direct Web Services",
"product_id": "T054967",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:sterling_connect%3adirect:web_services"
}
}
}
],
"category": "product_name",
"name": "Sterling Connect:Direct"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version",
"name": "9 Multicluster Engine for Kubernetes 2.8.6",
"product": {
"name": "Red Hat Enterprise Linux 9 Multicluster Engine for Kubernetes 2.8.6",
"product_id": "T054027",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:9_multicluster_engine_for_kubernetes_2.8.6"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-26013",
"product_status": {
"known_affected": [
"T054486",
"T054485",
"67646",
"T021415",
"T054967",
"T053657",
"T054635",
"T053656",
"T054027",
"74185"
]
},
"release_date": "2026-05-06T22:00:00.000+00:00",
"title": "CVE-2026-26013"
},
{
"cve": "CVE-2026-27142",
"product_status": {
"known_affected": [
"T054486",
"T054485",
"67646",
"T021415",
"T054967",
"T053657",
"T054635",
"T053656",
"T054027",
"74185"
]
},
"release_date": "2026-05-06T22:00:00.000+00:00",
"title": "CVE-2026-27142"
},
{
"cve": "CVE-2026-28277",
"product_status": {
"known_affected": [
"T054486",
"T054485",
"67646",
"T021415",
"T054967",
"T053657",
"T054635",
"T053656",
"T054027",
"74185"
]
},
"release_date": "2026-05-06T22:00:00.000+00:00",
"title": "CVE-2026-28277"
},
{
"cve": "CVE-2026-28684",
"product_status": {
"known_affected": [
"T054486",
"T054485",
"67646",
"T021415",
"T054967",
"T053657",
"T054635",
"T053656",
"T054027",
"74185"
]
},
"release_date": "2026-05-06T22:00:00.000+00:00",
"title": "CVE-2026-28684"
},
{
"cve": "CVE-2026-32288",
"product_status": {
"known_affected": [
"T054486",
"T054485",
"67646",
"T021415",
"T054967",
"T053657",
"T054635",
"T053656",
"T054027",
"74185"
]
},
"release_date": "2026-05-06T22:00:00.000+00:00",
"title": "CVE-2026-32288"
},
{
"cve": "CVE-2026-33151",
"product_status": {
"known_affected": [
"T054486",
"T054485",
"67646",
"T021415",
"T054967",
"T053657",
"T054635",
"T053656",
"T054027",
"74185"
]
},
"release_date": "2026-05-06T22:00:00.000+00:00",
"title": "CVE-2026-33151"
},
{
"cve": "CVE-2026-33349",
"product_status": {
"known_affected": [
"T054486",
"T054485",
"67646",
"T021415",
"T054967",
"T053657",
"T054635",
"T053656",
"T054027",
"74185"
]
},
"release_date": "2026-05-06T22:00:00.000+00:00",
"title": "CVE-2026-33349"
},
{
"cve": "CVE-2026-33532",
"product_status": {
"known_affected": [
"T054486",
"T054485",
"67646",
"T021415",
"T054967",
"T053657",
"T054635",
"T053656",
"T054027",
"74185"
]
},
"release_date": "2026-05-06T22:00:00.000+00:00",
"title": "CVE-2026-33532"
},
{
"cve": "CVE-2026-33891",
"product_status": {
"known_affected": [
"T054486",
"T054485",
"67646",
"T021415",
"T054967",
"T053657",
"T054635",
"T053656",
"T054027",
"74185"
]
},
"release_date": "2026-05-06T22:00:00.000+00:00",
"title": "CVE-2026-33891"
},
{
"cve": "CVE-2026-33894",
"product_status": {
"known_affected": [
"T054486",
"T054485",
"67646",
"T021415",
"T054967",
"T053657",
"T054635",
"T053656",
"T054027",
"74185"
]
},
"release_date": "2026-05-06T22:00:00.000+00:00",
"title": "CVE-2026-33894"
},
{
"cve": "CVE-2026-33895",
"product_status": {
"known_affected": [
"T054486",
"T054485",
"67646",
"T021415",
"T054967",
"T053657",
"T054635",
"T053656",
"T054027",
"74185"
]
},
"release_date": "2026-05-06T22:00:00.000+00:00",
"title": "CVE-2026-33895"
},
{
"cve": "CVE-2026-33896",
"product_status": {
"known_affected": [
"T054486",
"T054485",
"67646",
"T021415",
"T054967",
"T053657",
"T054635",
"T053656",
"T054027",
"74185"
]
},
"release_date": "2026-05-06T22:00:00.000+00:00",
"title": "CVE-2026-33896"
},
{
"cve": "CVE-2026-33916",
"product_status": {
"known_affected": [
"T054486",
"T054485",
"67646",
"T021415",
"T054967",
"T053657",
"T054635",
"T053656",
"T054027",
"74185"
]
},
"release_date": "2026-05-06T22:00:00.000+00:00",
"title": "CVE-2026-33916"
},
{
"cve": "CVE-2026-34601",
"product_status": {
"known_affected": [
"T054486",
"T054485",
"67646",
"T021415",
"T054967",
"T053657",
"T054635",
"T053656",
"T054027",
"74185"
]
},
"release_date": "2026-05-06T22:00:00.000+00:00",
"title": "CVE-2026-34601"
},
{
"cve": "CVE-2026-35469",
"product_status": {
"known_affected": [
"T054486",
"T054485",
"67646",
"T021415",
"T054967",
"T053657",
"T054635",
"T053656",
"T054027",
"74185"
]
},
"release_date": "2026-05-06T22:00:00.000+00:00",
"title": "CVE-2026-35469"
},
{
"cve": "CVE-2026-39406",
"product_status": {
"known_affected": [
"T054486",
"T054485",
"67646",
"T021415",
"T054967",
"T053657",
"T054635",
"T053656",
"T054027",
"74185"
]
},
"release_date": "2026-05-06T22:00:00.000+00:00",
"title": "CVE-2026-39406"
},
{
"cve": "CVE-2026-39407",
"product_status": {
"known_affected": [
"T054486",
"T054485",
"67646",
"T021415",
"T054967",
"T053657",
"T054635",
"T053656",
"T054027",
"74185"
]
},
"release_date": "2026-05-06T22:00:00.000+00:00",
"title": "CVE-2026-39407"
},
{
"cve": "CVE-2026-39408",
"product_status": {
"known_affected": [
"T054486",
"T054485",
"67646",
"T021415",
"T054967",
"T053657",
"T054635",
"T053656",
"T054027",
"74185"
]
},
"release_date": "2026-05-06T22:00:00.000+00:00",
"title": "CVE-2026-39408"
},
{
"cve": "CVE-2026-39409",
"product_status": {
"known_affected": [
"T054486",
"T054485",
"67646",
"T021415",
"T054967",
"T053657",
"T054635",
"T053656",
"T054027",
"74185"
]
},
"release_date": "2026-05-06T22:00:00.000+00:00",
"title": "CVE-2026-39409"
},
{
"cve": "CVE-2026-39410",
"product_status": {
"known_affected": [
"T054486",
"T054485",
"67646",
"T021415",
"T054967",
"T053657",
"T054635",
"T053656",
"T054027",
"74185"
]
},
"release_date": "2026-05-06T22:00:00.000+00:00",
"title": "CVE-2026-39410"
},
{
"cve": "CVE-2026-39983",
"product_status": {
"known_affected": [
"T054486",
"T054485",
"67646",
"T021415",
"T054967",
"T053657",
"T054635",
"T053656",
"T054027",
"74185"
]
},
"release_date": "2026-05-06T22:00:00.000+00:00",
"title": "CVE-2026-39983"
},
{
"cve": "CVE-2026-40175",
"product_status": {
"known_affected": [
"T054486",
"T054485",
"67646",
"T021415",
"T054967",
"T053657",
"T054635",
"T053656",
"T054027",
"74185"
]
},
"release_date": "2026-05-06T22:00:00.000+00:00",
"title": "CVE-2026-40175"
},
{
"cve": "CVE-2026-40347",
"product_status": {
"known_affected": [
"T054486",
"T054485",
"67646",
"T021415",
"T054967",
"T053657",
"T054635",
"T053656",
"T054027",
"74185"
]
},
"release_date": "2026-05-06T22:00:00.000+00:00",
"title": "CVE-2026-40347"
},
{
"cve": "CVE-2026-40895",
"product_status": {
"known_affected": [
"T054486",
"T054485",
"67646",
"T021415",
"T054967",
"T053657",
"T054635",
"T053656",
"T054027",
"74185"
]
},
"release_date": "2026-05-06T22:00:00.000+00:00",
"title": "CVE-2026-40895"
},
{
"cve": "CVE-2026-41238",
"product_status": {
"known_affected": [
"T054486",
"T054485",
"67646",
"T021415",
"T054967",
"T053657",
"T054635",
"T053656",
"T054027",
"74185"
]
},
"release_date": "2026-05-06T22:00:00.000+00:00",
"title": "CVE-2026-41238"
},
{
"cve": "CVE-2026-41239",
"product_status": {
"known_affected": [
"T054486",
"T054485",
"67646",
"T021415",
"T054967",
"T053657",
"T054635",
"T053656",
"T054027",
"74185"
]
},
"release_date": "2026-05-06T22:00:00.000+00:00",
"title": "CVE-2026-41239"
},
{
"cve": "CVE-2026-41240",
"product_status": {
"known_affected": [
"T054486",
"T054485",
"67646",
"T021415",
"T054967",
"T053657",
"T054635",
"T053656",
"T054027",
"74185"
]
},
"release_date": "2026-05-06T22:00:00.000+00:00",
"title": "CVE-2026-41240"
},
{
"cve": "CVE-2026-4923",
"product_status": {
"known_affected": [
"T054486",
"T054485",
"67646",
"T021415",
"T054967",
"T053657",
"T054635",
"T053656",
"T054027",
"74185"
]
},
"release_date": "2026-05-06T22:00:00.000+00:00",
"title": "CVE-2026-4923"
},
{
"cve": "CVE-2026-4926",
"product_status": {
"known_affected": [
"T054486",
"T054485",
"67646",
"T021415",
"T054967",
"T053657",
"T054635",
"T053656",
"T054027",
"74185"
]
},
"release_date": "2026-05-06T22:00:00.000+00:00",
"title": "CVE-2026-4926"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…