Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-41184 (GCVE-0-2021-41184)
Vulnerability from cvelistv5 – Published: 2021-10-26 00:00 – Updated: 2025-11-04 16:09
VLAI?
EPSS
Title
XSS in the `of` option of the `.position()` util
Summary
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.
Severity ?
6.5 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T16:09:17.971Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/jquery/jquery-ui/commit/effa323f1505f2ce7a324e4f429fa9032c72f280"
},
{
"name": "FEDORA-2021-51c256bf87",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/"
},
{
"name": "FEDORA-2021-ab38307fc3",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/"
},
{
"name": "FEDORA-2021-013ab302be",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20211118-0004/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.drupal.org/sa-core-2022-001"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2022-09"
},
{
"name": "FEDORA-2022-9d655503ea",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/"
},
{
"name": "FEDORA-2022-bf18450366",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Aug/37"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "jquery-ui",
"vendor": "jquery",
"versions": [
{
"status": "affected",
"version": "\u003c 1.13.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-31T02:06:17.867Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/"
},
{
"url": "https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327"
},
{
"url": "https://github.com/jquery/jquery-ui/commit/effa323f1505f2ce7a324e4f429fa9032c72f280"
},
{
"name": "FEDORA-2021-51c256bf87",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/"
},
{
"name": "FEDORA-2021-ab38307fc3",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/"
},
{
"name": "FEDORA-2021-013ab302be",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/"
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20211118-0004/"
},
{
"url": "https://www.drupal.org/sa-core-2022-001"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"url": "https://www.tenable.com/security/tns-2022-09"
},
{
"name": "FEDORA-2022-9d655503ea",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/"
},
{
"name": "FEDORA-2022-bf18450366",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
],
"source": {
"advisory": "GHSA-gpqq-952q-5327",
"discovery": "UNKNOWN"
},
"title": "XSS in the `of` option of the `.position()` util"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-41184",
"datePublished": "2021-10-26T00:00:00.000Z",
"dateReserved": "2021-09-15T00:00:00.000Z",
"dateUpdated": "2025-11-04T16:09:17.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2021-41184\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2021-10-26T15:15:10.460\",\"lastModified\":\"2025-11-04T16:15:43.353\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.\"},{\"lang\":\"es\",\"value\":\"jQuery-UI es la biblioteca oficial de interfaz de usuario de jQuery. Antes de la versi\u00f3n 1.13.0, aceptar el valor de la opci\u00f3n \\\"of\\\" de la utilidad \\\".position()\\\" de fuentes no confiables pod\u00eda ejecutar c\u00f3digo no confiable. El problema es corregido en jQuery UI versi\u00f3n 1.13.0. Cualquier valor de cadena pasado a la opci\u00f3n \\\"of\\\" se trata ahora como un selector CSS. Una soluci\u00f3n es no aceptar el valor de la opci\u00f3n \\\"of\\\" de fuentes no confiables\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:jquery:*:*\",\"versionEndExcluding\":\"1.13.0\",\"matchCriteriaId\":\"EA897736-789A-461C-86F5-E7470E643213\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E460AA51-FCDA-46B9-AE97-E6676AA5E194\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A930E247-0B43-43CB-98FF-6CE7B8189835\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6770B6C3-732E-4E22-BF1C-2D2FD610061C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F9C8C20-42EB-4AB5-BD97-212DEB070C43\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7FFF7106-ED78-49BA-9EC5-B889E3685D53\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E63D8B0F-006E-4801-BF9D-1C001BBFB4F9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56409CEC-5A1E-4450-AA42-641E459CC2AF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B06F4839-D16A-4A61-9BB5-55B13F41E47F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"108A2215-50FB-4074-94CF-C130FA14566D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32F0B6C0-F930-480D-962B-3F4EFDCC13C7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"803BC414-B250-4E3A-A478-A3881340D6B8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FEB3337-BFDE-462A-908B-176F92053CEC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"736AEAE9-782B-4F71-9893-DED53367E102\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0B4AD8A-F172-4558-AEC6-FF424BA2D912\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8497A4C9-8474-4A62-8331-3FE862ED4098\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CDDF61B7-EC5C-467C-B710-B89F502CD04F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0\",\"versionEndExcluding\":\"7.86\",\"matchCriteriaId\":\"013FAABA-8CDD-46AD-B321-9908634C880A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.2.0\",\"versionEndExcluding\":\"9.2.11\",\"matchCriteriaId\":\"BE1268C5-DEFD-44D8-8994-D93C7839D5C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.3.0\",\"versionEndExcluding\":\"9.3.3\",\"matchCriteriaId\":\"7A28F55D-AEB8-454E-B1A9-163C4CB2B38D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.21.0\",\"matchCriteriaId\":\"CAB9A41F-91F1-40DF-BF12-6ADA7229A84C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C650FEDB-E903-4C2D-AD40-282AB5F2E3C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"22.1.1\",\"matchCriteriaId\":\"48B23728-0050-4AF0-B8B0-A959CBAB4505\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB9FC9AB-1070-420F-870E-A5EC43A924A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDC6D658-09EA-4C41-869F-1C2EA163F751\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"23.1\",\"matchCriteriaId\":\"384DEDD9-CB26-4306-99D8-83068A9B23ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:big_data_spatial_and_graph:23.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BEF828F5-C666-40DA-98DD-CDF658D7090B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E812639B-EE28-4C68-9F6F-70C8BF981C86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CBE1A019-7BB6-4226-8AC4-9D6927ADAEFA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B98BAEB2-A540-4E8A-A946-C4331B913AFD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8FBE260-E306-4215-80C0-D2D27CA43E0F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hospitality_inventory_management:9.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8865CE15-F9A1-4A46-AF93-B58356BDEE6F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2AC63D10-2326-4542-B345-31D45B9A7408\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hospitality_suite8:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.11.0\",\"versionEndIncluding\":\"8.14.0\",\"matchCriteriaId\":\"C7F4B5F0-6B78-4A94-AD83-6B78D484E298\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hospitality_suite8:8.10.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CBDA65DE-5727-49DC-8D50-DA81DB3E8841\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"9.2.6.3\",\"matchCriteriaId\":\"C5F35B8D-6F26-4682-8541-6F10EE2ACE7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8AF00C6-B97F-414D-A8DF-057E6BFD8597\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.2.0\",\"versionEndIncluding\":\"12.2.25\",\"matchCriteriaId\":\"15C83E0F-5FA2-47E5-9FCF-CD2E90D6A9E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.7\",\"versionEndIncluding\":\"17.12\",\"matchCriteriaId\":\"08FA59A8-6A62-4B33-8952-D6E658F8DAC9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"202AD518-2E9B-4062-B063-9858AE1F9CE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10864586-270E-4ACF-BDCC-ECFCD299305F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38340E3C-C452-4370-86D4-355B6B4E0A06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9C55C69-E22E-4B80-9371-5CD821D79FE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:rest_data_services:*:*:*:*:-:*:*:*\",\"versionEndExcluding\":\"22.1.1\",\"matchCriteriaId\":\"105BF985-2403-455E-BAA1-509245B54A1D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:rest_data_services:22.1.1:*:*:*:-:*:*:*\",\"matchCriteriaId\":\"281F1ACB-3180-422C-BADF-B0AE5F50924E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F14A818F-AA16-4438-A3E4-E64C9287AC66\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04BCDC24-4A21-473C-8733-0D9CFB38A752\"}]}]}],\"references\":[{\"url\":\"https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/jquery/jquery-ui/commit/effa323f1505f2ce7a324e4f429fa9032c72f280\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mitigation\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20211118-0004/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.drupal.org/sa-core-2022-001\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2022-09\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2024/Aug/37\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/jquery/jquery-ui/commit/effa323f1505f2ce7a324e4f429fa9032c72f280\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20211118-0004/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.drupal.org/sa-core-2022-001\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2022-09\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Release Notes\",\"Third Party Advisory\"]}]}}"
}
}
SUSE-SU-2022:1729-1
Vulnerability from csaf_suse - Published: 2022-05-18 14:55 - Updated: 2022-05-18 14:55Summary
Security update for ardana-barbican, grafana, openstack-barbican, openstack-cinder, openstack-heat-gbp, openstack-horizon-plugin-gbp-ui, openstack-ironic, openstack-keystone, openstack-neutron-gbp, python-lxml, release-notes-suse-openstack-cloud
Notes
Title of the patch
Security update for ardana-barbican, grafana, openstack-barbican, openstack-cinder, openstack-heat-gbp, openstack-horizon-plugin-gbp-ui, openstack-ironic, openstack-keystone, openstack-neutron-gbp, python-lxml, release-notes-suse-openstack-cloud
Description of the patch
This update for ardana-barbican, grafana, openstack-barbican, openstack-cinder, openstack-heat-gbp, openstack-horizon-plugin-gbp-ui, openstack-ironic, openstack-keystone, openstack-neutron-gbp, python-lxml, release-notes-suse-openstack-cloud fixes the following issues:
Security fixes included on the update:
ardana-barbican:
- Update policies to protect container secret access (SOC-11621)
- Update policies to protect secret metadata access (SOC-11620)
openstack-neutron:
- CVE-2021-40085: Fixed arbitrary dnsmasq reconfiguration via extra_dhcp_opts (bsc#1189794).
rubygem-sinatra:
- CVE-2022-29970: Fixed path traversal possible outside of public_dir when serving static files (bsc#1199138).
python-XStatic-jquery-ui:
- CVE-2021-41182: Fixed XSS in the `altField` option of the Datepicker widget (bsc#1192070)
- CVE-2021-41183: Fixed XSS in the `of` option of the `.position()` util (bsc#1192073)
- CVE-2021-41184: Fixed XSS in `*Text` options of the Datepicker widget (bsc#1192075)
python-lxml:
- CVE-2018-19787: Fixed that the lxml.html.clean module does remove javascript in lxml/html/clean.py (bsc#1118088).
- CVE-2020-27783: Fixed mXSS due to the use of improper parser (bsc#1179534).
- CVE-2021-28957: Fixed missing input sanitization for formaction HTML5 attributes that may have led to XSS (bsc#1184177).
- CVE-2021-43818: Fixed HTML Cleaner that allowed crafted and SVG embedded scripts to pass through (bsc#1193752).
openstack-barbican:
- CVE-2022-23451: Disallows authenticated users to add/modify/delete arbitrary metadata on any secret (bsc#1194952).
- CVE-2022-23452: Disallows anyone with an admin role to add their secrets to a different project's containers (bsc#1194954).
grafana:
- CVE-2021-44716: Fixed net/http: limit growth of header canonicalization cache (bsc#1193597).
openstack-keystone:
- CVE-2021-38155: Fixed information disclosure during account locking (bsc#1189390).
Non-security fixes included on the update:
Changes in ardana-barbican:
- Update to version 9.0+git.1644879908.8a641c1:
* Update policies to protect container secret access (SOC-11621)
- Update to version 9.0+git.1643052417.9a3348e:
* update policies to protect secret metadata access (SOC-11620)
Changes in grafana:
- Add CVE-2021-43813.patch (bsc#1193688, CVE-2021-43813)
* directory traversal vulnerability for .md files
- Bump Go to 1.16 (bsc#1193597, CVE-2021-44716)
* Fix Go net/http: limit growth of header canonicalization cache
Changes in openstack-barbican:
- Add patches (0001-Fix-RBAC-and-ACL-access-for-managing-secret-containe.patch
and 0001-Fix-policy-for-adding-a-secret-to-a-container.patch) to fix
the legacy policy rules for adding a secret to a container and removing
a secret from a container. bsc#1194954,CVE-2022-23452
- Add patch (0001-Fix-secret-metadata-access-rules.patch) to fix the
legacy policy rules for accessing secret metadata by checking that
the user making the request is authenticated for the project that
owns the secret. bsc#1194952,CVE-2022-23451
Changes in openstack-cinder:
- Update to version cinder-13.0.10.dev24:
* Correct group:reset\_group\_snapshot\_status policy
Changes in openstack-cinder:
- Update to version cinder-13.0.10.dev24:
* Correct group:reset\_group\_snapshot\_status policy
Changes in openstack-heat-gbp:
- Update to version group-based-policy-automation-14.0.1.dev4:
* Add support for yoga
- Update to version group-based-policy-automation-14.0.1.dev3:
* Python2/3 compatibility fixes
- Update to version group-based-policy-automation-14.0.1.dev2:
* Add support for xena
- Update to version group-based-policy-automation-14.0.1.dev1:
* Remove py27 from gate jobs
14.0.0
Changes in openstack-horizon-plugin-gbp-ui:
- Update to version group-based-policy-ui-14.0.1.dev3:
* Add support for yoga
- Update to version group-based-policy-ui-14.0.1.dev2:
* Python2/3 compatibility changes
- Update to version group-based-policy-ui-14.0.1.dev1:
* Add support for xena
14.0.0
Changes in openstack-ironic:
- Update to version ironic-11.1.5.dev18:
* Cleanup stable/rocky legacy jobs
Changes in openstack-ironic:
- Update to version ironic-11.1.5.dev18:
* Cleanup stable/rocky legacy jobs
Changes in openstack-keystone:
- Update to version keystone-14.2.1.dev9:
* Delete system role assignments from system\_assignment table
Changes in openstack-keystone:
- Add patch (0001-Hide-AccountLocked-exception-from-end-users.patch) to fix
the problem where AccountLocked exception discloses sensitive information.
bsc#1189390,CVE-2021-38155
- Update to version keystone-14.2.1.dev9:
* Delete system role assignments from system\_assignment table
Changes in openstack-neutron-gbp:
- Update to version group-based-policy-14.0.1.dev33:
* Populate network mtu for erspan
- Update to version group-based-policy-14.0.1.dev32:
* ERSPAN config error when Openstack port is created in a different project than network it belongs to
2014.2.rc1
- Update to version group-based-policy-14.0.1.dev31:
* Python2/3 compatibility fixes
2014.2.0rc1
- Update to version group-based-policy-14.0.1.dev29:
* Fix oslo\_i18n usage
- Update to version group-based-policy-14.0.1.dev27:
* Update mechanism\_driver cache
2014.2.rc1
- Update to version group-based-policy-14.0.1.dev26:
* Add support for xena
- Update to version group-based-policy-14.0.1.dev24:
* update\_floatingip\_status\_while\_deleting\_the\_vm
- Update to version group-based-policy-14.0.1.dev22:
* Updating host id by appending pid in existing host id
2014.2.0rc1
- Update to version group-based-policy-14.0.1.dev20:
* Revert 'Add workaround to get\_subnets'
Changes in python-lxml:
- Fix bsc#1179534 (CVE-2020-27783)
mXSS due to the use of improper parser
Patch files: 0001-CVE-2020-27783.patch 0002-CVE-2020-27783.patch
- Fix bsc#1118088 (CVE-2018-19787)
lxml/html/clean.py in the lxml.html.clean module does not remove
javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks
Patch file: 0001-CVE-2018-19787.patch
- Fix bsc#1184177 (CVE-2021-28957)
missing input sanitization for formaction HTML5 attributes may lead to XSS
Patch file: 0001-CVE-2021-28957.patch
- Fix bsc#1193752 (CVE-2021-43818)
Cleaner: Remove SVG image data URLs since they can embed script content.
Reported as GHSL-2021-1037 and GHSL-2021-1038
Patch files 0001-CVE-2021-43818.patch 0002-CVE-2021-43818.patch
Changes in openstack-neutron-doc:
- Update to version neutron-13.0.8.dev206:
* Wait longer before deleting DPDK vhu trunk bridges
- Update to version neutron-13.0.8.dev205:
* Do no use '--strict' for OF deletion in TRANSIENT\_TABLE
- Update to version neutron-13.0.8.dev203:
* Populate self.floating\_ips\_dict using 'ip rule' information
- Update to version neutron-13.0.8.dev201:
* [Functional] Wait for the initial state of ha router before test
* Don't setup bridge controller if it is already set
- Update to version neutron-13.0.8.dev198:
* Remove dhcp\_extra\_opt name after first newline character
- Update to version neutron-13.0.8.dev196:
* [L3] Use processing queue for network update events
* Add extra logs to the network update callback in L3 agent
- Update to version neutron-13.0.8.dev192:
* Remove dhcp\_extra\_opt value after first newline character
- Update to version neutron-13.0.8.dev190:
* Don't use singleton in routes.middleware.RoutesMiddleware
- Update to version neutron-13.0.8.dev189:
* Fix notify listener syntax for SEGMENT\_HOST\_MAPPING
- Update to version neutron-13.0.8.dev188:
* Clean port forwarding cache when router is DOWN
- Update to version neutron-13.0.8.dev186:
* Remove FIP agent's gw port when L3 agent is deleted
- Update to version neutron-13.0.8.dev184:
* Force to close http connection after notify about HA router status
- Update to version neutron-13.0.8.dev183:
* Don't configure dnsmasq entries for 'network' ports
- Update to version neutron-13.0.8.dev181:
* Exclude fallback tunnel devices from netns cleanup
- Update to version neutron-13.0.8.dev180:
* [DVR] Send allowed address pairs info to the L3 agents
* designate: allow PTR zone creation to fail
* Don't try to create default SG when security groups are disabled
- Update to version neutron-13.0.8.dev174:
* Fix update of trunk subports during live migration
- Update to version neutron-13.0.8.dev172:
* [ovs fw] Restrict IPv6 NA and DHCP(v6) IP and MAC source addresses
- Update to version neutron-13.0.8.dev170:
* Call install\_ingress\_direct\_goto\_flows() when ovs restarts
- Update to version neutron-13.0.8.dev168:
* Fix multicast traffic with IGMP snooping enabled
- Update to version neutron-13.0.8.dev166:
* Fix OVS conjunctive IP flows cleanup
Changes in openstack-neutron:
- Update to version neutron-13.0.8.dev206:
* Wait longer before deleting DPDK vhu trunk bridges
- Update to version neutron-13.0.8.dev205:
* Do no use '--strict' for OF deletion in TRANSIENT\_TABLE
- Update to version neutron-13.0.8.dev203:
* Populate self.floating\_ips\_dict using 'ip rule' information
- Update to version neutron-13.0.8.dev201:
* [Functional] Wait for the initial state of ha router before test
* Don't setup bridge controller if it is already set
- Update to version neutron-13.0.8.dev198:
* Remove dhcp\_extra\_opt name after first newline character
- Update to version neutron-13.0.8.dev196:
* [L3] Use processing queue for network update events
* Add extra logs to the network update callback in L3 agent
- Remove cve-2021-40085-stable-rocky.patch (merged upstream)
- Update to version neutron-13.0.8.dev192:
* Remove dhcp\_extra\_opt value after first newline character
- Update to version neutron-13.0.8.dev190:
* Don't use singleton in routes.middleware.RoutesMiddleware
- Update to version neutron-13.0.8.dev189:
* Fix notify listener syntax for SEGMENT\_HOST\_MAPPING
- Add cve-2021-40085-stable-rocky.patch (bsc#1189794, CVE-2021-40085)
* Remove dhcp_extra_opt value after first newline character
- Update to version neutron-13.0.8.dev188:
* Clean port forwarding cache when router is DOWN
- Update to version neutron-13.0.8.dev186:
* Remove FIP agent's gw port when L3 agent is deleted
- Update to version neutron-13.0.8.dev184:
* Force to close http connection after notify about HA router status
- Update to version neutron-13.0.8.dev183:
* Don't configure dnsmasq entries for 'network' ports
- Update to version neutron-13.0.8.dev181:
* Exclude fallback tunnel devices from netns cleanup
- Update to version neutron-13.0.8.dev180:
* [DVR] Send allowed address pairs info to the L3 agents
* designate: allow PTR zone creation to fail
* Don't try to create default SG when security groups are disabled
- Update to version neutron-13.0.8.dev174:
* Fix update of trunk subports during live migration
- Update to version neutron-13.0.8.dev172:
* [ovs fw] Restrict IPv6 NA and DHCP(v6) IP and MAC source addresses
- Update to version neutron-13.0.8.dev170:
* Call install\_ingress\_direct\_goto\_flows() when ovs restarts
- Update to version neutron-13.0.8.dev168:
* Fix multicast traffic with IGMP snooping enabled
- Update to version neutron-13.0.8.dev166:
* Fix OVS conjunctive IP flows cleanup
Changes in python-Pillow:
- Add 030-CVE-2022-22817.patch
* From upstream, backported
* Fixes CVE-2022-22817, bsc#1194521
* test from upstream updated for python2
- Add 028-CVE-2022-22815.patch
* From upstream, backported
* Fixes CVE-2022-22815, bsc#1194552
- Add 029-CVE-2022-22816.patch
* From upstream, backported
* Fixes CVE-2022-22816, bsc#1194551
Changes in python-XStatic-jquery-ui:
- Update to version 1.13.0.1 (bsc#1192070, CVE-2021-41182, bsc#1192073,
CVE-2021-41184, bsc#1192075, CVE-2021-41183)
* Fix XSS in the altField option of the Datepicker widget
(CVE-2021-41182)
* Fix XSS in *Text options of the Datepicker widget
(CVE-2021-41183)
* Fix XSS in the of option of the .position() util
(CVE-2021-41184)
* Drop support for Query 1.7
* Accordion: allow function parameter for selecting header
elements
* Datepicker: add optional onUpdateDatepicker callback
Changes in release-notes-suse-openstack-cloud:
- Update to version 9.20220413:
* Update release notes to indicate support for SES7
- Update to version 9.20220112:
* Add reference to keystone bcrypt issue to known limitations (bsc#1186380)
Changes in rubygem-sinatra:
- Add CVE-2022-29970.patch (bsc#1199138, CVE-2022-29970)
Patchnames
SUSE-2022-1729,SUSE-OpenStack-Cloud-9-2022-1729,SUSE-OpenStack-Cloud-Crowbar-9-2022-1729
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for ardana-barbican, grafana, openstack-barbican, openstack-cinder, openstack-heat-gbp, openstack-horizon-plugin-gbp-ui, openstack-ironic, openstack-keystone, openstack-neutron-gbp, python-lxml, release-notes-suse-openstack-cloud",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for ardana-barbican, grafana, openstack-barbican, openstack-cinder, openstack-heat-gbp, openstack-horizon-plugin-gbp-ui, openstack-ironic, openstack-keystone, openstack-neutron-gbp, python-lxml, release-notes-suse-openstack-cloud fixes the following issues:\n\nSecurity fixes included on the update:\n\nardana-barbican:\n\n- Update policies to protect container secret access (SOC-11621)\n- Update policies to protect secret metadata access (SOC-11620)\n\nopenstack-neutron:\n\n- CVE-2021-40085: Fixed arbitrary dnsmasq reconfiguration via extra_dhcp_opts (bsc#1189794).\n\nrubygem-sinatra:\n\n- CVE-2022-29970: Fixed path traversal possible outside of public_dir when serving static files (bsc#1199138).\n\npython-XStatic-jquery-ui:\n\n- CVE-2021-41182: Fixed XSS in the `altField` option of the Datepicker widget (bsc#1192070)\n- CVE-2021-41183: Fixed XSS in the `of` option of the `.position()` util (bsc#1192073)\n- CVE-2021-41184: Fixed XSS in `*Text` options of the Datepicker widget (bsc#1192075)\n\npython-lxml:\n\n- CVE-2018-19787: Fixed that the lxml.html.clean module does remove javascript in lxml/html/clean.py (bsc#1118088).\n- CVE-2020-27783: Fixed mXSS due to the use of improper parser (bsc#1179534).\n- CVE-2021-28957: Fixed missing input sanitization for formaction HTML5 attributes that may have led to XSS (bsc#1184177).\n- CVE-2021-43818: Fixed HTML Cleaner that allowed crafted and SVG embedded scripts to pass through (bsc#1193752).\n\nopenstack-barbican:\n\n- CVE-2022-23451: Disallows authenticated users to add/modify/delete arbitrary metadata on any secret (bsc#1194952).\n- CVE-2022-23452: Disallows anyone with an admin role to add their secrets to a different project\u0027s containers (bsc#1194954).\n\ngrafana:\n\n- CVE-2021-44716: Fixed net/http: limit growth of header canonicalization cache (bsc#1193597).\n\nopenstack-keystone:\n\n- CVE-2021-38155: Fixed information disclosure during account locking (bsc#1189390).\n\nNon-security fixes included on the update:\n\nChanges in ardana-barbican:\n- Update to version 9.0+git.1644879908.8a641c1:\n * Update policies to protect container secret access (SOC-11621)\n\n- Update to version 9.0+git.1643052417.9a3348e:\n * update policies to protect secret metadata access (SOC-11620)\n\nChanges in grafana:\n- Add CVE-2021-43813.patch (bsc#1193688, CVE-2021-43813)\n * directory traversal vulnerability for .md files \n\n- Bump Go to 1.16 (bsc#1193597, CVE-2021-44716)\n * Fix Go net/http: limit growth of header canonicalization cache\n\nChanges in openstack-barbican:\n- Add patches (0001-Fix-RBAC-and-ACL-access-for-managing-secret-containe.patch\n and 0001-Fix-policy-for-adding-a-secret-to-a-container.patch) to fix\n the legacy policy rules for adding a secret to a container and removing\n a secret from a container. bsc#1194954,CVE-2022-23452\n\n- Add patch (0001-Fix-secret-metadata-access-rules.patch) to fix the\n legacy policy rules for accessing secret metadata by checking that\n the user making the request is authenticated for the project that\n owns the secret. bsc#1194952,CVE-2022-23451\n\nChanges in openstack-cinder:\n- Update to version cinder-13.0.10.dev24:\n * Correct group:reset\\_group\\_snapshot\\_status policy\n\nChanges in openstack-cinder:\n- Update to version cinder-13.0.10.dev24:\n * Correct group:reset\\_group\\_snapshot\\_status policy\n\nChanges in openstack-heat-gbp:\n- Update to version group-based-policy-automation-14.0.1.dev4:\n * Add support for yoga\n\n- Update to version group-based-policy-automation-14.0.1.dev3:\n * Python2/3 compatibility fixes\n\n- Update to version group-based-policy-automation-14.0.1.dev2:\n * Add support for xena\n\n- Update to version group-based-policy-automation-14.0.1.dev1:\n * Remove py27 from gate jobs\n 14.0.0\n\nChanges in openstack-horizon-plugin-gbp-ui:\n- Update to version group-based-policy-ui-14.0.1.dev3:\n * Add support for yoga\n\n- Update to version group-based-policy-ui-14.0.1.dev2:\n * Python2/3 compatibility changes\n\n- Update to version group-based-policy-ui-14.0.1.dev1:\n * Add support for xena\n 14.0.0\n\nChanges in openstack-ironic:\n- Update to version ironic-11.1.5.dev18:\n * Cleanup stable/rocky legacy jobs\n\nChanges in openstack-ironic:\n- Update to version ironic-11.1.5.dev18:\n * Cleanup stable/rocky legacy jobs\n\nChanges in openstack-keystone:\n- Update to version keystone-14.2.1.dev9:\n * Delete system role assignments from system\\_assignment table\n\nChanges in openstack-keystone:\n- Add patch (0001-Hide-AccountLocked-exception-from-end-users.patch) to fix\n the problem where AccountLocked exception discloses sensitive information.\n bsc#1189390,CVE-2021-38155\n\n- Update to version keystone-14.2.1.dev9:\n * Delete system role assignments from system\\_assignment table\n\nChanges in openstack-neutron-gbp:\n- Update to version group-based-policy-14.0.1.dev33:\n * Populate network mtu for erspan\n\n- Update to version group-based-policy-14.0.1.dev32:\n * ERSPAN config error when Openstack port is created in a different project than network it belongs to\n 2014.2.rc1\n\n- Update to version group-based-policy-14.0.1.dev31:\n * Python2/3 compatibility fixes\n 2014.2.0rc1\n\n- Update to version group-based-policy-14.0.1.dev29:\n * Fix oslo\\_i18n usage\n\n- Update to version group-based-policy-14.0.1.dev27:\n * Update mechanism\\_driver cache\n 2014.2.rc1\n\n- Update to version group-based-policy-14.0.1.dev26:\n * Add support for xena\n\n- Update to version group-based-policy-14.0.1.dev24:\n * update\\_floatingip\\_status\\_while\\_deleting\\_the\\_vm\n\n- Update to version group-based-policy-14.0.1.dev22:\n * Updating host id by appending pid in existing host id\n 2014.2.0rc1\n\n- Update to version group-based-policy-14.0.1.dev20:\n * Revert \u0027Add workaround to get\\_subnets\u0027\n\nChanges in python-lxml:\n- Fix bsc#1179534 (CVE-2020-27783)\n mXSS due to the use of improper parser \n Patch files: 0001-CVE-2020-27783.patch 0002-CVE-2020-27783.patch\n- Fix bsc#1118088 (CVE-2018-19787)\n lxml/html/clean.py in the lxml.html.clean module does not remove\n javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks\n Patch file: 0001-CVE-2018-19787.patch\n- Fix bsc#1184177 (CVE-2021-28957)\n missing input sanitization for formaction HTML5 attributes may lead to XSS\n Patch file: 0001-CVE-2021-28957.patch\n- Fix bsc#1193752 (CVE-2021-43818)\n Cleaner: Remove SVG image data URLs since they can embed script content.\n Reported as GHSL-2021-1037 and GHSL-2021-1038 \n Patch files 0001-CVE-2021-43818.patch 0002-CVE-2021-43818.patch\n\nChanges in openstack-neutron-doc:\n- Update to version neutron-13.0.8.dev206:\n * Wait longer before deleting DPDK vhu trunk bridges\n\n- Update to version neutron-13.0.8.dev205:\n * Do no use \u0027--strict\u0027 for OF deletion in TRANSIENT\\_TABLE\n\n- Update to version neutron-13.0.8.dev203:\n * Populate self.floating\\_ips\\_dict using \u0027ip rule\u0027 information\n\n- Update to version neutron-13.0.8.dev201:\n * [Functional] Wait for the initial state of ha router before test\n * Don\u0027t setup bridge controller if it is already set\n\n- Update to version neutron-13.0.8.dev198:\n * Remove dhcp\\_extra\\_opt name after first newline character\n\n- Update to version neutron-13.0.8.dev196:\n * [L3] Use processing queue for network update events\n * Add extra logs to the network update callback in L3 agent\n\n- Update to version neutron-13.0.8.dev192:\n * Remove dhcp\\_extra\\_opt value after first newline character\n\n- Update to version neutron-13.0.8.dev190:\n * Don\u0027t use singleton in routes.middleware.RoutesMiddleware\n\n- Update to version neutron-13.0.8.dev189:\n * Fix notify listener syntax for SEGMENT\\_HOST\\_MAPPING\n\n- Update to version neutron-13.0.8.dev188:\n * Clean port forwarding cache when router is DOWN\n\n- Update to version neutron-13.0.8.dev186:\n * Remove FIP agent\u0027s gw port when L3 agent is deleted\n\n- Update to version neutron-13.0.8.dev184:\n * Force to close http connection after notify about HA router status\n\n- Update to version neutron-13.0.8.dev183:\n * Don\u0027t configure dnsmasq entries for \u0027network\u0027 ports\n\n- Update to version neutron-13.0.8.dev181:\n * Exclude fallback tunnel devices from netns cleanup\n\n- Update to version neutron-13.0.8.dev180:\n * [DVR] Send allowed address pairs info to the L3 agents\n * designate: allow PTR zone creation to fail\n * Don\u0027t try to create default SG when security groups are disabled\n\n- Update to version neutron-13.0.8.dev174:\n * Fix update of trunk subports during live migration\n\n- Update to version neutron-13.0.8.dev172:\n * [ovs fw] Restrict IPv6 NA and DHCP(v6) IP and MAC source addresses\n\n- Update to version neutron-13.0.8.dev170:\n * Call install\\_ingress\\_direct\\_goto\\_flows() when ovs restarts\n\n- Update to version neutron-13.0.8.dev168:\n * Fix multicast traffic with IGMP snooping enabled\n\n- Update to version neutron-13.0.8.dev166:\n * Fix OVS conjunctive IP flows cleanup\n\nChanges in openstack-neutron:\n- Update to version neutron-13.0.8.dev206:\n * Wait longer before deleting DPDK vhu trunk bridges\n\n- Update to version neutron-13.0.8.dev205:\n * Do no use \u0027--strict\u0027 for OF deletion in TRANSIENT\\_TABLE\n\n- Update to version neutron-13.0.8.dev203:\n * Populate self.floating\\_ips\\_dict using \u0027ip rule\u0027 information\n\n- Update to version neutron-13.0.8.dev201:\n * [Functional] Wait for the initial state of ha router before test\n * Don\u0027t setup bridge controller if it is already set\n\n- Update to version neutron-13.0.8.dev198:\n * Remove dhcp\\_extra\\_opt name after first newline character\n\n- Update to version neutron-13.0.8.dev196:\n * [L3] Use processing queue for network update events\n * Add extra logs to the network update callback in L3 agent\n\n- Remove cve-2021-40085-stable-rocky.patch (merged upstream)\n\n- Update to version neutron-13.0.8.dev192:\n * Remove dhcp\\_extra\\_opt value after first newline character\n\n- Update to version neutron-13.0.8.dev190:\n * Don\u0027t use singleton in routes.middleware.RoutesMiddleware\n\n- Update to version neutron-13.0.8.dev189:\n * Fix notify listener syntax for SEGMENT\\_HOST\\_MAPPING\n\n- Add cve-2021-40085-stable-rocky.patch (bsc#1189794, CVE-2021-40085) \n * Remove dhcp_extra_opt value after first newline character\n\n- Update to version neutron-13.0.8.dev188:\n * Clean port forwarding cache when router is DOWN\n\n- Update to version neutron-13.0.8.dev186:\n * Remove FIP agent\u0027s gw port when L3 agent is deleted\n\n- Update to version neutron-13.0.8.dev184:\n * Force to close http connection after notify about HA router status\n\n- Update to version neutron-13.0.8.dev183:\n * Don\u0027t configure dnsmasq entries for \u0027network\u0027 ports\n\n- Update to version neutron-13.0.8.dev181:\n * Exclude fallback tunnel devices from netns cleanup\n\n- Update to version neutron-13.0.8.dev180:\n * [DVR] Send allowed address pairs info to the L3 agents\n * designate: allow PTR zone creation to fail\n * Don\u0027t try to create default SG when security groups are disabled\n\n- Update to version neutron-13.0.8.dev174:\n * Fix update of trunk subports during live migration\n\n- Update to version neutron-13.0.8.dev172:\n * [ovs fw] Restrict IPv6 NA and DHCP(v6) IP and MAC source addresses\n\n- Update to version neutron-13.0.8.dev170:\n * Call install\\_ingress\\_direct\\_goto\\_flows() when ovs restarts\n\n- Update to version neutron-13.0.8.dev168:\n * Fix multicast traffic with IGMP snooping enabled\n\n- Update to version neutron-13.0.8.dev166:\n * Fix OVS conjunctive IP flows cleanup\n\nChanges in python-Pillow:\n- Add 030-CVE-2022-22817.patch\n * From upstream, backported\n * Fixes CVE-2022-22817, bsc#1194521 \n * test from upstream updated for python2\n\n- Add 028-CVE-2022-22815.patch\n * From upstream, backported\n * Fixes CVE-2022-22815, bsc#1194552\n- Add 029-CVE-2022-22816.patch\n * From upstream, backported\n * Fixes CVE-2022-22816, bsc#1194551\n\nChanges in python-XStatic-jquery-ui:\n- Update to version 1.13.0.1 (bsc#1192070, CVE-2021-41182, bsc#1192073,\n CVE-2021-41184, bsc#1192075, CVE-2021-41183)\n * Fix XSS in the altField option of the Datepicker widget \n (CVE-2021-41182)\n * Fix XSS in *Text options of the Datepicker widget\n (CVE-2021-41183)\n * Fix XSS in the of option of the .position() util\n (CVE-2021-41184)\n * Drop support for Query 1.7\n * Accordion: allow function parameter for selecting header\n elements\n * Datepicker: add optional onUpdateDatepicker callback\n\nChanges in release-notes-suse-openstack-cloud:\n- Update to version 9.20220413:\n * Update release notes to indicate support for SES7\n- Update to version 9.20220112:\n * Add reference to keystone bcrypt issue to known limitations (bsc#1186380)\n\nChanges in rubygem-sinatra:\n- Add CVE-2022-29970.patch (bsc#1199138, CVE-2022-29970)\n\n ",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-1729,SUSE-OpenStack-Cloud-9-2022-1729,SUSE-OpenStack-Cloud-Crowbar-9-2022-1729",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_1729-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:1729-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20221729-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:1729-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-May/011075.html"
},
{
"category": "self",
"summary": "SUSE Bug 1118088",
"url": "https://bugzilla.suse.com/1118088"
},
{
"category": "self",
"summary": "SUSE Bug 1179534",
"url": "https://bugzilla.suse.com/1179534"
},
{
"category": "self",
"summary": "SUSE Bug 1184177",
"url": "https://bugzilla.suse.com/1184177"
},
{
"category": "self",
"summary": "SUSE Bug 1186380",
"url": "https://bugzilla.suse.com/1186380"
},
{
"category": "self",
"summary": "SUSE Bug 1189390",
"url": "https://bugzilla.suse.com/1189390"
},
{
"category": "self",
"summary": "SUSE Bug 1189794",
"url": "https://bugzilla.suse.com/1189794"
},
{
"category": "self",
"summary": "SUSE Bug 1192070",
"url": "https://bugzilla.suse.com/1192070"
},
{
"category": "self",
"summary": "SUSE Bug 1192073",
"url": "https://bugzilla.suse.com/1192073"
},
{
"category": "self",
"summary": "SUSE Bug 1192075",
"url": "https://bugzilla.suse.com/1192075"
},
{
"category": "self",
"summary": "SUSE Bug 1193597",
"url": "https://bugzilla.suse.com/1193597"
},
{
"category": "self",
"summary": "SUSE Bug 1193688",
"url": "https://bugzilla.suse.com/1193688"
},
{
"category": "self",
"summary": "SUSE Bug 1193752",
"url": "https://bugzilla.suse.com/1193752"
},
{
"category": "self",
"summary": "SUSE Bug 1194521",
"url": "https://bugzilla.suse.com/1194521"
},
{
"category": "self",
"summary": "SUSE Bug 1194551",
"url": "https://bugzilla.suse.com/1194551"
},
{
"category": "self",
"summary": "SUSE Bug 1194552",
"url": "https://bugzilla.suse.com/1194552"
},
{
"category": "self",
"summary": "SUSE Bug 1194952",
"url": "https://bugzilla.suse.com/1194952"
},
{
"category": "self",
"summary": "SUSE Bug 1194954",
"url": "https://bugzilla.suse.com/1194954"
},
{
"category": "self",
"summary": "SUSE Bug 1199138",
"url": "https://bugzilla.suse.com/1199138"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-19787 page",
"url": "https://www.suse.com/security/cve/CVE-2018-19787/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-27783 page",
"url": "https://www.suse.com/security/cve/CVE-2020-27783/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-28957 page",
"url": "https://www.suse.com/security/cve/CVE-2021-28957/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38155 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38155/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-40085 page",
"url": "https://www.suse.com/security/cve/CVE-2021-40085/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-41182 page",
"url": "https://www.suse.com/security/cve/CVE-2021-41182/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-41183 page",
"url": "https://www.suse.com/security/cve/CVE-2021-41183/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-41184 page",
"url": "https://www.suse.com/security/cve/CVE-2021-41184/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-43813 page",
"url": "https://www.suse.com/security/cve/CVE-2021-43813/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-43818 page",
"url": "https://www.suse.com/security/cve/CVE-2021-43818/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-44716 page",
"url": "https://www.suse.com/security/cve/CVE-2021-44716/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-22815 page",
"url": "https://www.suse.com/security/cve/CVE-2022-22815/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-22816 page",
"url": "https://www.suse.com/security/cve/CVE-2022-22816/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-22817 page",
"url": "https://www.suse.com/security/cve/CVE-2022-22817/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-23451 page",
"url": "https://www.suse.com/security/cve/CVE-2022-23451/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-23452 page",
"url": "https://www.suse.com/security/cve/CVE-2022-23452/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-29970 page",
"url": "https://www.suse.com/security/cve/CVE-2022-29970/"
}
],
"title": "Security update for ardana-barbican, grafana, openstack-barbican, openstack-cinder, openstack-heat-gbp, openstack-horizon-plugin-gbp-ui, openstack-ironic, openstack-keystone, openstack-neutron-gbp, python-lxml, release-notes-suse-openstack-cloud",
"tracking": {
"current_release_date": "2022-05-18T14:55:52Z",
"generator": {
"date": "2022-05-18T14:55:52Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:1729-1",
"initial_release_date": "2022-05-18T14:55:52Z",
"revision_history": [
{
"date": "2022-05-18T14:55:52Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "grafana-6.7.4-3.26.1.aarch64",
"product": {
"name": "grafana-6.7.4-3.26.1.aarch64",
"product_id": "grafana-6.7.4-3.26.1.aarch64"
}
},
{
"category": "product_version",
"name": "python-Pillow-5.2.0-3.17.1.aarch64",
"product": {
"name": "python-Pillow-5.2.0-3.17.1.aarch64",
"product_id": "python-Pillow-5.2.0-3.17.1.aarch64"
}
},
{
"category": "product_version",
"name": "python-lxml-4.2.4-3.3.1.aarch64",
"product": {
"name": "python-lxml-4.2.4-3.3.1.aarch64",
"product_id": "python-lxml-4.2.4-3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "python-lxml-devel-4.2.4-3.3.1.aarch64",
"product": {
"name": "python-lxml-devel-4.2.4-3.3.1.aarch64",
"product_id": "python-lxml-devel-4.2.4-3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "python3-Pillow-5.2.0-3.17.1.aarch64",
"product": {
"name": "python3-Pillow-5.2.0-3.17.1.aarch64",
"product_id": "python3-Pillow-5.2.0-3.17.1.aarch64"
}
},
{
"category": "product_version",
"name": "python3-lxml-4.2.4-3.3.1.aarch64",
"product": {
"name": "python3-lxml-4.2.4-3.3.1.aarch64",
"product_id": "python3-lxml-4.2.4-3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "python3-lxml-devel-4.2.4-3.3.1.aarch64",
"product": {
"name": "python3-lxml-devel-4.2.4-3.3.1.aarch64",
"product_id": "python3-lxml-devel-4.2.4-3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-sinatra-1.4.6-4.3.1.aarch64",
"product": {
"name": "ruby2.1-rubygem-sinatra-1.4.6-4.3.1.aarch64",
"product_id": "ruby2.1-rubygem-sinatra-1.4.6-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-sinatra-doc-1.4.6-4.3.1.aarch64",
"product": {
"name": "ruby2.1-rubygem-sinatra-doc-1.4.6-4.3.1.aarch64",
"product_id": "ruby2.1-rubygem-sinatra-doc-1.4.6-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-sinatra-testsuite-1.4.6-4.3.1.aarch64",
"product": {
"name": "ruby2.1-rubygem-sinatra-testsuite-1.4.6-4.3.1.aarch64",
"product_id": "ruby2.1-rubygem-sinatra-testsuite-1.4.6-4.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"product": {
"name": "ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"product_id": "ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"product": {
"name": "openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"product_id": "openstack-barbican-7.0.1~dev24-3.14.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"product": {
"name": "openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"product_id": "openstack-barbican-api-7.0.1~dev24-3.14.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"product": {
"name": "openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"product_id": "openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"product": {
"name": "openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"product_id": "openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-barbican-test-7.0.1~dev24-3.14.1.noarch",
"product": {
"name": "openstack-barbican-test-7.0.1~dev24-3.14.1.noarch",
"product_id": "openstack-barbican-test-7.0.1~dev24-3.14.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"product": {
"name": "openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"product_id": "openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"product": {
"name": "openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"product_id": "openstack-cinder-13.0.10~dev24-3.34.2.noarch"
}
},
{
"category": "product_version",
"name": "openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"product": {
"name": "openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"product_id": "openstack-cinder-api-13.0.10~dev24-3.34.2.noarch"
}
},
{
"category": "product_version",
"name": "openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"product": {
"name": "openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"product_id": "openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch"
}
},
{
"category": "product_version",
"name": "openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"product": {
"name": "openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"product_id": "openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch"
}
},
{
"category": "product_version",
"name": "openstack-cinder-test-13.0.10~dev24-3.34.2.noarch",
"product": {
"name": "openstack-cinder-test-13.0.10~dev24-3.34.2.noarch",
"product_id": "openstack-cinder-test-13.0.10~dev24-3.34.2.noarch"
}
},
{
"category": "product_version",
"name": "openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"product": {
"name": "openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"product_id": "openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch"
}
},
{
"category": "product_version",
"name": "openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"product": {
"name": "openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"product_id": "openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-heat-gbp-test-14.0.1~dev4-3.9.1.noarch",
"product": {
"name": "openstack-heat-gbp-test-14.0.1~dev4-3.9.1.noarch",
"product_id": "openstack-heat-gbp-test-14.0.1~dev4-3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"product": {
"name": "openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"product_id": "openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-horizon-plugin-gbp-ui-test-14.0.1~dev3-3.9.1.noarch",
"product": {
"name": "openstack-horizon-plugin-gbp-ui-test-14.0.1~dev3-3.9.1.noarch",
"product_id": "openstack-horizon-plugin-gbp-ui-test-14.0.1~dev3-3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"product": {
"name": "openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"product_id": "openstack-ironic-11.1.5~dev18-3.28.2.noarch"
}
},
{
"category": "product_version",
"name": "openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"product": {
"name": "openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"product_id": "openstack-ironic-api-11.1.5~dev18-3.28.2.noarch"
}
},
{
"category": "product_version",
"name": "openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"product": {
"name": "openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"product_id": "openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch"
}
},
{
"category": "product_version",
"name": "openstack-ironic-test-11.1.5~dev18-3.28.2.noarch",
"product": {
"name": "openstack-ironic-test-11.1.5~dev18-3.28.2.noarch",
"product_id": "openstack-ironic-test-11.1.5~dev18-3.28.2.noarch"
}
},
{
"category": "product_version",
"name": "openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"product": {
"name": "openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"product_id": "openstack-keystone-14.2.1~dev9-3.28.2.noarch"
}
},
{
"category": "product_version",
"name": "openstack-keystone-test-14.2.1~dev9-3.28.2.noarch",
"product": {
"name": "openstack-keystone-test-14.2.1~dev9-3.28.2.noarch",
"product_id": "openstack-keystone-test-14.2.1~dev9-3.28.2.noarch"
}
},
{
"category": "product_version",
"name": "openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"product": {
"name": "openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"product_id": "openstack-neutron-13.0.8~dev206-3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"product": {
"name": "openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"product_id": "openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"product": {
"name": "openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"product_id": "openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-neutron-gbp-test-14.0.1~dev33-3.31.1.noarch",
"product": {
"name": "openstack-neutron-gbp-test-14.0.1~dev33-3.31.1.noarch",
"product_id": "openstack-neutron-gbp-test-14.0.1~dev33-3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"product": {
"name": "openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"product_id": "openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"product": {
"name": "openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"product_id": "openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"product": {
"name": "openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"product_id": "openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"product": {
"name": "openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"product_id": "openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"product": {
"name": "openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"product_id": "openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"product": {
"name": "openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"product_id": "openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"product": {
"name": "openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"product_id": "openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"product": {
"name": "openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"product_id": "openstack-neutron-server-13.0.8~dev206-3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-neutron-test-13.0.8~dev206-3.40.1.noarch",
"product": {
"name": "openstack-neutron-test-13.0.8~dev206-3.40.1.noarch",
"product_id": "openstack-neutron-test-13.0.8~dev206-3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"product": {
"name": "python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"product_id": "python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch"
}
},
{
"category": "product_version",
"name": "python-barbican-7.0.1~dev24-3.14.1.noarch",
"product": {
"name": "python-barbican-7.0.1~dev24-3.14.1.noarch",
"product_id": "python-barbican-7.0.1~dev24-3.14.1.noarch"
}
},
{
"category": "product_version",
"name": "python-cinder-13.0.10~dev24-3.34.2.noarch",
"product": {
"name": "python-cinder-13.0.10~dev24-3.34.2.noarch",
"product_id": "python-cinder-13.0.10~dev24-3.34.2.noarch"
}
},
{
"category": "product_version",
"name": "python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"product": {
"name": "python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"product_id": "python-heat-gbp-14.0.1~dev4-3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"product": {
"name": "python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"product_id": "python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "python-ironic-11.1.5~dev18-3.28.2.noarch",
"product": {
"name": "python-ironic-11.1.5~dev18-3.28.2.noarch",
"product_id": "python-ironic-11.1.5~dev18-3.28.2.noarch"
}
},
{
"category": "product_version",
"name": "python-keystone-14.2.1~dev9-3.28.2.noarch",
"product": {
"name": "python-keystone-14.2.1~dev9-3.28.2.noarch",
"product_id": "python-keystone-14.2.1~dev9-3.28.2.noarch"
}
},
{
"category": "product_version",
"name": "python-lxml-doc-4.2.4-3.3.1.noarch",
"product": {
"name": "python-lxml-doc-4.2.4-3.3.1.noarch",
"product_id": "python-lxml-doc-4.2.4-3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "python-neutron-13.0.8~dev206-3.40.1.noarch",
"product": {
"name": "python-neutron-13.0.8~dev206-3.40.1.noarch",
"product_id": "python-neutron-13.0.8~dev206-3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"product": {
"name": "python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"product_id": "python-neutron-gbp-14.0.1~dev33-3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"product": {
"name": "python3-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"product_id": "python3-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-lxml-doc-4.2.4-3.3.1.noarch",
"product": {
"name": "python3-lxml-doc-4.2.4-3.3.1.noarch",
"product_id": "python3-lxml-doc-4.2.4-3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"product": {
"name": "release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"product_id": "release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"product": {
"name": "venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"product_id": "venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"product": {
"name": "venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"product_id": "venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"product": {
"name": "venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"product_id": "venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"product": {
"name": "venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"product_id": "venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"product": {
"name": "venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"product_id": "venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"product": {
"name": "venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"product_id": "venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"product": {
"name": "venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"product_id": "venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"product": {
"name": "venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"product_id": "venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"product": {
"name": "venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"product_id": "venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"product": {
"name": "venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"product_id": "venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"product": {
"name": "venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"product_id": "venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"product": {
"name": "venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"product_id": "venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"product": {
"name": "venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"product_id": "venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"product": {
"name": "venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"product_id": "venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"product": {
"name": "venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"product_id": "venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"product": {
"name": "venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"product_id": "venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"product": {
"name": "venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"product_id": "venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-6.7.4-3.26.1.ppc64le",
"product": {
"name": "grafana-6.7.4-3.26.1.ppc64le",
"product_id": "grafana-6.7.4-3.26.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python-Pillow-5.2.0-3.17.1.ppc64le",
"product": {
"name": "python-Pillow-5.2.0-3.17.1.ppc64le",
"product_id": "python-Pillow-5.2.0-3.17.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python-lxml-4.2.4-3.3.1.ppc64le",
"product": {
"name": "python-lxml-4.2.4-3.3.1.ppc64le",
"product_id": "python-lxml-4.2.4-3.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python-lxml-devel-4.2.4-3.3.1.ppc64le",
"product": {
"name": "python-lxml-devel-4.2.4-3.3.1.ppc64le",
"product_id": "python-lxml-devel-4.2.4-3.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python3-Pillow-5.2.0-3.17.1.ppc64le",
"product": {
"name": "python3-Pillow-5.2.0-3.17.1.ppc64le",
"product_id": "python3-Pillow-5.2.0-3.17.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python3-lxml-4.2.4-3.3.1.ppc64le",
"product": {
"name": "python3-lxml-4.2.4-3.3.1.ppc64le",
"product_id": "python3-lxml-4.2.4-3.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python3-lxml-devel-4.2.4-3.3.1.ppc64le",
"product": {
"name": "python3-lxml-devel-4.2.4-3.3.1.ppc64le",
"product_id": "python3-lxml-devel-4.2.4-3.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-sinatra-1.4.6-4.3.1.ppc64le",
"product": {
"name": "ruby2.1-rubygem-sinatra-1.4.6-4.3.1.ppc64le",
"product_id": "ruby2.1-rubygem-sinatra-1.4.6-4.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-sinatra-doc-1.4.6-4.3.1.ppc64le",
"product": {
"name": "ruby2.1-rubygem-sinatra-doc-1.4.6-4.3.1.ppc64le",
"product_id": "ruby2.1-rubygem-sinatra-doc-1.4.6-4.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-sinatra-testsuite-1.4.6-4.3.1.ppc64le",
"product": {
"name": "ruby2.1-rubygem-sinatra-testsuite-1.4.6-4.3.1.ppc64le",
"product_id": "ruby2.1-rubygem-sinatra-testsuite-1.4.6-4.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-6.7.4-3.26.1.s390x",
"product": {
"name": "grafana-6.7.4-3.26.1.s390x",
"product_id": "grafana-6.7.4-3.26.1.s390x"
}
},
{
"category": "product_version",
"name": "python-Pillow-5.2.0-3.17.1.s390x",
"product": {
"name": "python-Pillow-5.2.0-3.17.1.s390x",
"product_id": "python-Pillow-5.2.0-3.17.1.s390x"
}
},
{
"category": "product_version",
"name": "python-lxml-4.2.4-3.3.1.s390x",
"product": {
"name": "python-lxml-4.2.4-3.3.1.s390x",
"product_id": "python-lxml-4.2.4-3.3.1.s390x"
}
},
{
"category": "product_version",
"name": "python-lxml-devel-4.2.4-3.3.1.s390x",
"product": {
"name": "python-lxml-devel-4.2.4-3.3.1.s390x",
"product_id": "python-lxml-devel-4.2.4-3.3.1.s390x"
}
},
{
"category": "product_version",
"name": "python3-Pillow-5.2.0-3.17.1.s390x",
"product": {
"name": "python3-Pillow-5.2.0-3.17.1.s390x",
"product_id": "python3-Pillow-5.2.0-3.17.1.s390x"
}
},
{
"category": "product_version",
"name": "python3-lxml-4.2.4-3.3.1.s390x",
"product": {
"name": "python3-lxml-4.2.4-3.3.1.s390x",
"product_id": "python3-lxml-4.2.4-3.3.1.s390x"
}
},
{
"category": "product_version",
"name": "python3-lxml-devel-4.2.4-3.3.1.s390x",
"product": {
"name": "python3-lxml-devel-4.2.4-3.3.1.s390x",
"product_id": "python3-lxml-devel-4.2.4-3.3.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-sinatra-1.4.6-4.3.1.s390x",
"product": {
"name": "ruby2.1-rubygem-sinatra-1.4.6-4.3.1.s390x",
"product_id": "ruby2.1-rubygem-sinatra-1.4.6-4.3.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-sinatra-doc-1.4.6-4.3.1.s390x",
"product": {
"name": "ruby2.1-rubygem-sinatra-doc-1.4.6-4.3.1.s390x",
"product_id": "ruby2.1-rubygem-sinatra-doc-1.4.6-4.3.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-sinatra-testsuite-1.4.6-4.3.1.s390x",
"product": {
"name": "ruby2.1-rubygem-sinatra-testsuite-1.4.6-4.3.1.s390x",
"product_id": "ruby2.1-rubygem-sinatra-testsuite-1.4.6-4.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-6.7.4-3.26.1.x86_64",
"product": {
"name": "grafana-6.7.4-3.26.1.x86_64",
"product_id": "grafana-6.7.4-3.26.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-Pillow-5.2.0-3.17.1.x86_64",
"product": {
"name": "python-Pillow-5.2.0-3.17.1.x86_64",
"product_id": "python-Pillow-5.2.0-3.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-lxml-4.2.4-3.3.1.x86_64",
"product": {
"name": "python-lxml-4.2.4-3.3.1.x86_64",
"product_id": "python-lxml-4.2.4-3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-lxml-devel-4.2.4-3.3.1.x86_64",
"product": {
"name": "python-lxml-devel-4.2.4-3.3.1.x86_64",
"product_id": "python-lxml-devel-4.2.4-3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-Pillow-5.2.0-3.17.1.x86_64",
"product": {
"name": "python3-Pillow-5.2.0-3.17.1.x86_64",
"product_id": "python3-Pillow-5.2.0-3.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-lxml-4.2.4-3.3.1.x86_64",
"product": {
"name": "python3-lxml-4.2.4-3.3.1.x86_64",
"product_id": "python3-lxml-4.2.4-3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-lxml-devel-4.2.4-3.3.1.x86_64",
"product": {
"name": "python3-lxml-devel-4.2.4-3.3.1.x86_64",
"product_id": "python3-lxml-devel-4.2.4-3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64",
"product": {
"name": "ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64",
"product_id": "ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-sinatra-doc-1.4.6-4.3.1.x86_64",
"product": {
"name": "ruby2.1-rubygem-sinatra-doc-1.4.6-4.3.1.x86_64",
"product_id": "ruby2.1-rubygem-sinatra-doc-1.4.6-4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-sinatra-testsuite-1.4.6-4.3.1.x86_64",
"product": {
"name": "ruby2.1-rubygem-sinatra-testsuite-1.4.6-4.3.1.x86_64",
"product_id": "ruby2.1-rubygem-sinatra-testsuite-1.4.6-4.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 9",
"product": {
"name": "SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:9"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud Crowbar 9",
"product": {
"name": "SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:9"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch"
},
"product_reference": "ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-6.7.4-3.26.1.x86_64 as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64"
},
"product_reference": "grafana-6.7.4-3.26.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-barbican-7.0.1~dev24-3.14.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch"
},
"product_reference": "openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-barbican-api-7.0.1~dev24-3.14.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch"
},
"product_reference": "openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch"
},
"product_reference": "openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch"
},
"product_reference": "openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch"
},
"product_reference": "openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-cinder-13.0.10~dev24-3.34.2.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch"
},
"product_reference": "openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-cinder-api-13.0.10~dev24-3.34.2.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch"
},
"product_reference": "openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch"
},
"product_reference": "openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch"
},
"product_reference": "openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch"
},
"product_reference": "openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch"
},
"product_reference": "openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch"
},
"product_reference": "openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-ironic-11.1.5~dev18-3.28.2.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch"
},
"product_reference": "openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-ironic-api-11.1.5~dev18-3.28.2.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch"
},
"product_reference": "openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch"
},
"product_reference": "openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-keystone-14.2.1~dev9-3.28.2.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch"
},
"product_reference": "openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch"
},
"product_reference": "openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-server-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-Pillow-5.2.0-3.17.1.x86_64 as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64"
},
"product_reference": "python-Pillow-5.2.0-3.17.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch"
},
"product_reference": "python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-barbican-7.0.1~dev24-3.14.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch"
},
"product_reference": "python-barbican-7.0.1~dev24-3.14.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cinder-13.0.10~dev24-3.34.2.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch"
},
"product_reference": "python-cinder-13.0.10~dev24-3.34.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-heat-gbp-14.0.1~dev4-3.9.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch"
},
"product_reference": "python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch"
},
"product_reference": "python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-ironic-11.1.5~dev18-3.28.2.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch"
},
"product_reference": "python-ironic-11.1.5~dev18-3.28.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-keystone-14.2.1~dev9-3.28.2.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch"
},
"product_reference": "python-keystone-14.2.1~dev9-3.28.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-lxml-4.2.4-3.3.1.x86_64 as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64"
},
"product_reference": "python-lxml-4.2.4-3.3.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-neutron-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "python-neutron-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-neutron-gbp-14.0.1~dev33-3.31.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch"
},
"product_reference": "python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch"
},
"product_reference": "release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch"
},
"product_reference": "venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch"
},
"product_reference": "venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch"
},
"product_reference": "venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch"
},
"product_reference": "venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch"
},
"product_reference": "venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch"
},
"product_reference": "venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch"
},
"product_reference": "venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch"
},
"product_reference": "venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch"
},
"product_reference": "venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch"
},
"product_reference": "venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch"
},
"product_reference": "venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch"
},
"product_reference": "venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch"
},
"product_reference": "venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch"
},
"product_reference": "venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch"
},
"product_reference": "venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch"
},
"product_reference": "venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch"
},
"product_reference": "venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-6.7.4-3.26.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64"
},
"product_reference": "grafana-6.7.4-3.26.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-barbican-7.0.1~dev24-3.14.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch"
},
"product_reference": "openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-barbican-api-7.0.1~dev24-3.14.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch"
},
"product_reference": "openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch"
},
"product_reference": "openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch"
},
"product_reference": "openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch"
},
"product_reference": "openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-cinder-13.0.10~dev24-3.34.2.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch"
},
"product_reference": "openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-cinder-api-13.0.10~dev24-3.34.2.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch"
},
"product_reference": "openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch"
},
"product_reference": "openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch"
},
"product_reference": "openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch"
},
"product_reference": "openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch"
},
"product_reference": "openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch"
},
"product_reference": "openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-ironic-11.1.5~dev18-3.28.2.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch"
},
"product_reference": "openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-ironic-api-11.1.5~dev18-3.28.2.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch"
},
"product_reference": "openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch"
},
"product_reference": "openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-keystone-14.2.1~dev9-3.28.2.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch"
},
"product_reference": "openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch"
},
"product_reference": "openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-server-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-Pillow-5.2.0-3.17.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64"
},
"product_reference": "python-Pillow-5.2.0-3.17.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch"
},
"product_reference": "python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-barbican-7.0.1~dev24-3.14.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch"
},
"product_reference": "python-barbican-7.0.1~dev24-3.14.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cinder-13.0.10~dev24-3.34.2.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch"
},
"product_reference": "python-cinder-13.0.10~dev24-3.34.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-heat-gbp-14.0.1~dev4-3.9.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch"
},
"product_reference": "python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch"
},
"product_reference": "python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-ironic-11.1.5~dev18-3.28.2.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch"
},
"product_reference": "python-ironic-11.1.5~dev18-3.28.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-keystone-14.2.1~dev9-3.28.2.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch"
},
"product_reference": "python-keystone-14.2.1~dev9-3.28.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-lxml-4.2.4-3.3.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64"
},
"product_reference": "python-lxml-4.2.4-3.3.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-neutron-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "python-neutron-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-neutron-gbp-14.0.1~dev33-3.31.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch"
},
"product_reference": "python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch"
},
"product_reference": "release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
},
"product_reference": "ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-19787",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-19787"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by \"j a v a s c r i p t:\" in Internet Explorer. This is a similar issue to CVE-2014-3146.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-19787",
"url": "https://www.suse.com/security/cve/CVE-2018-19787"
},
{
"category": "external",
"summary": "SUSE Bug 1118088 for CVE-2018-19787",
"url": "https://bugzilla.suse.com/1118088"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-18T14:55:52Z",
"details": "moderate"
}
],
"title": "CVE-2018-19787"
},
{
"cve": "CVE-2020-27783",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-27783"
}
],
"notes": [
{
"category": "general",
"text": "A XSS vulnerability was discovered in python-lxml\u0027s clean module. The module\u0027s parser didn\u0027t properly imitate browsers, which caused different behaviors between the sanitizer and the user\u0027s page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-27783",
"url": "https://www.suse.com/security/cve/CVE-2020-27783"
},
{
"category": "external",
"summary": "SUSE Bug 1179534 for CVE-2020-27783",
"url": "https://bugzilla.suse.com/1179534"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-18T14:55:52Z",
"details": "moderate"
}
],
"title": "CVE-2020-27783"
},
{
"cve": "CVE-2021-28957",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-28957"
}
],
"notes": [
{
"category": "general",
"text": "An XSS vulnerability was discovered in python-lxml\u0027s clean module versions before 4.6.3. When disabling the safe_attrs_only and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run arbitrary JS code on users who interact with incorrectly sanitized HTML. This issue is patched in lxml 4.6.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-28957",
"url": "https://www.suse.com/security/cve/CVE-2021-28957"
},
{
"category": "external",
"summary": "SUSE Bug 1184177 for CVE-2021-28957",
"url": "https://bugzilla.suse.com/1184177"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-18T14:55:52Z",
"details": "moderate"
}
],
"title": "CVE-2021-28957"
},
{
"cve": "CVE-2021-38155",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38155"
}
],
"notes": [
{
"category": "general",
"text": "OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1, 18.x before 18.0.1, and 19.x before 19.0.1 allows information disclosure during account locking (related to PCI DSS features). By guessing the name of an account and failing to authenticate multiple times, any unauthenticated actor could both confirm the account exists and obtain that account\u0027s corresponding UUID, which might be leveraged for other unrelated attacks. All deployments enabling security_compliance.lockout_failure_attempts are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38155",
"url": "https://www.suse.com/security/cve/CVE-2021-38155"
},
{
"category": "external",
"summary": "SUSE Bug 1189390 for CVE-2021-38155",
"url": "https://bugzilla.suse.com/1189390"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-18T14:55:52Z",
"details": "important"
}
],
"title": "CVE-2021-38155"
},
{
"cve": "CVE-2021-40085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-40085"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can reconfigure dnsmasq via a crafted extra_dhcp_opts value.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-40085",
"url": "https://www.suse.com/security/cve/CVE-2021-40085"
},
{
"category": "external",
"summary": "SUSE Bug 1189794 for CVE-2021-40085",
"url": "https://bugzilla.suse.com/1189794"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-18T14:55:52Z",
"details": "important"
}
],
"title": "CVE-2021-40085"
},
{
"cve": "CVE-2021-41182",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-41182"
}
],
"notes": [
{
"category": "general",
"text": "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-41182",
"url": "https://www.suse.com/security/cve/CVE-2021-41182"
},
{
"category": "external",
"summary": "SUSE Bug 1192070 for CVE-2021-41182",
"url": "https://bugzilla.suse.com/1192070"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-18T14:55:52Z",
"details": "moderate"
}
],
"title": "CVE-2021-41182"
},
{
"cve": "CVE-2021-41183",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-41183"
}
],
"notes": [
{
"category": "general",
"text": "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-41183",
"url": "https://www.suse.com/security/cve/CVE-2021-41183"
},
{
"category": "external",
"summary": "SUSE Bug 1192075 for CVE-2021-41183",
"url": "https://bugzilla.suse.com/1192075"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-18T14:55:52Z",
"details": "moderate"
}
],
"title": "CVE-2021-41183"
},
{
"cve": "CVE-2021-41184",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-41184"
}
],
"notes": [
{
"category": "general",
"text": "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-41184",
"url": "https://www.suse.com/security/cve/CVE-2021-41184"
},
{
"category": "external",
"summary": "SUSE Bug 1192073 for CVE-2021-41184",
"url": "https://bugzilla.suse.com/1192073"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-18T14:55:52Z",
"details": "moderate"
}
],
"title": "CVE-2021-41184"
},
{
"cve": "CVE-2021-43813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-43813"
}
],
"notes": [
{
"category": "general",
"text": "Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope, and only allows access to files with the extension .md to authenticated users only. Grafana Cloud instances have not been affected by the vulnerability. Users should upgrade to patched versions 8.3.2 or 7.5.12. For users who cannot upgrade, running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to also be able to handle url encoded paths. Alternatively, for fully lowercase or fully uppercase .md files, users can block /api/plugins/.*/markdown/.* without losing any functionality beyond inlined plugin help text.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-43813",
"url": "https://www.suse.com/security/cve/CVE-2021-43813"
},
{
"category": "external",
"summary": "SUSE Bug 1193686 for CVE-2021-43813",
"url": "https://bugzilla.suse.com/1193686"
},
{
"category": "external",
"summary": "SUSE Bug 1193688 for CVE-2021-43813",
"url": "https://bugzilla.suse.com/1193688"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-18T14:55:52Z",
"details": "moderate"
}
],
"title": "CVE-2021-43813"
},
{
"cve": "CVE-2021-43818",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-43818"
}
],
"notes": [
{
"category": "general",
"text": "lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-43818",
"url": "https://www.suse.com/security/cve/CVE-2021-43818"
},
{
"category": "external",
"summary": "SUSE Bug 1193752 for CVE-2021-43818",
"url": "https://bugzilla.suse.com/1193752"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-18T14:55:52Z",
"details": "moderate"
}
],
"title": "CVE-2021-43818"
},
{
"cve": "CVE-2021-44716",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-44716"
}
],
"notes": [
{
"category": "general",
"text": "net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-44716",
"url": "https://www.suse.com/security/cve/CVE-2021-44716"
},
{
"category": "external",
"summary": "SUSE Bug 1193597 for CVE-2021-44716",
"url": "https://bugzilla.suse.com/1193597"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-18T14:55:52Z",
"details": "important"
}
],
"title": "CVE-2021-44716"
},
{
"cve": "CVE-2022-22815",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-22815"
}
],
"notes": [
{
"category": "general",
"text": "path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-22815",
"url": "https://www.suse.com/security/cve/CVE-2022-22815"
},
{
"category": "external",
"summary": "SUSE Bug 1194552 for CVE-2022-22815",
"url": "https://bugzilla.suse.com/1194552"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-18T14:55:52Z",
"details": "low"
}
],
"title": "CVE-2022-22815"
},
{
"cve": "CVE-2022-22816",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-22816"
}
],
"notes": [
{
"category": "general",
"text": "path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-22816",
"url": "https://www.suse.com/security/cve/CVE-2022-22816"
},
{
"category": "external",
"summary": "SUSE Bug 1194551 for CVE-2022-22816",
"url": "https://bugzilla.suse.com/1194551"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-18T14:55:52Z",
"details": "low"
}
],
"title": "CVE-2022-22816"
},
{
"cve": "CVE-2022-22817",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-22817"
}
],
"notes": [
{
"category": "general",
"text": "PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-22817",
"url": "https://www.suse.com/security/cve/CVE-2022-22817"
},
{
"category": "external",
"summary": "SUSE Bug 1194521 for CVE-2022-22817",
"url": "https://bugzilla.suse.com/1194521"
},
{
"category": "external",
"summary": "SUSE Bug 1219048 for CVE-2022-22817",
"url": "https://bugzilla.suse.com/1219048"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-18T14:55:52Z",
"details": "moderate"
}
],
"title": "CVE-2022-22817"
},
{
"cve": "CVE-2022-23451",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-23451"
}
],
"notes": [
{
"category": "general",
"text": "An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data, causing a denial of service by consuming protected resources.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-23451",
"url": "https://www.suse.com/security/cve/CVE-2022-23451"
},
{
"category": "external",
"summary": "SUSE Bug 1194952 for CVE-2022-23451",
"url": "https://bugzilla.suse.com/1194952"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-18T14:55:52Z",
"details": "moderate"
}
],
"title": "CVE-2022-23451"
},
{
"cve": "CVE-2022-23452",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-23452"
}
],
"notes": [
{
"category": "general",
"text": "An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-23452",
"url": "https://www.suse.com/security/cve/CVE-2022-23452"
},
{
"category": "external",
"summary": "SUSE Bug 1194954 for CVE-2022-23452",
"url": "https://bugzilla.suse.com/1194954"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-18T14:55:52Z",
"details": "moderate"
}
],
"title": "CVE-2022-23452"
},
{
"cve": "CVE-2022-29970",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-29970"
}
],
"notes": [
{
"category": "general",
"text": "Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-29970",
"url": "https://www.suse.com/security/cve/CVE-2022-29970"
},
{
"category": "external",
"summary": "SUSE Bug 1199138 for CVE-2022-29970",
"url": "https://bugzilla.suse.com/1199138"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-18T14:55:52Z",
"details": "important"
}
],
"title": "CVE-2022-29970"
}
]
}
NCSC-2025-0123
Vulnerability from csaf_ncscnl - Published: 2025-04-16 08:37 - Updated: 2025-04-16 08:37Summary
Kwetsbaarheden verholpen in Oracle Database Producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Oracle heeft kwetsbaarheden verholpen in diverse Oracle Database Producten en subsystemen, zoals Oracle Server, NoSQL, TimesTen, Secure Backup en Essbase.
Interpretaties
De kwetsbaarheden stellen ongeauthenticeerde kwaadwillenden in staat om een Denial-of-Service te veroorzaken of om ongeautoriseerde toegang te verkrijgen tot gevoelige gegevens en gegevens te manipuleren. Subcomponenten als de RDBMS Listener, Java VM, en andere componenten zijn specifiek kwetsbaar, met CVSS-scores variërend van 5.3 tot 7.5, wat duidt op een gematigd tot hoog risico.
Oplossingen
Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-385
Covert Timing Channel
CWE-347
Improper Verification of Cryptographic Signature
CWE-1286
Improper Validation of Syntactic Correctness of Input
CWE-125
Out-of-bounds Read
CWE-404
Improper Resource Shutdown or Release
CWE-400
Uncontrolled Resource Consumption
CWE-502
Deserialization of Untrusted Data
CWE-918
Server-Side Request Forgery (SSRF)
CWE-787
Out-of-bounds Write
CWE-20
Improper Input Validation
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-44
Path Equivalence: 'file.name' (Internal Dot)
CWE-226
Sensitive Information in Resource Not Removed Before Reuse
CWE-706
Use of Incorrectly-Resolved Name or Reference
CWE-669
Incorrect Resource Transfer Between Spheres
CWE-755
Improper Handling of Exceptional Conditions
CWE-178
Improper Handling of Case Sensitivity
CWE-193
Off-by-one Error
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CWE-523
Unprotected Transport of Credentials
CWE-190
Integer Overflow or Wraparound
CWE-614
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
CWE-285
Improper Authorization
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-284
Improper Access Control
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CWE-476
NULL Pointer Dereference
CWE-459
Incomplete Cleanup
CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE-770
Allocation of Resources Without Limits or Throttling
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-674
Uncontrolled Recursion
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE-122
Heap-based Buffer Overflow
CWE-121
Stack-based Buffer Overflow
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-269
Improper Privilege Management
CWE-287
Improper Authentication
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft kwetsbaarheden verholpen in diverse Oracle Database Producten en subsystemen, zoals Oracle Server, NoSQL, TimesTen, Secure Backup en Essbase.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden stellen ongeauthenticeerde kwaadwillenden in staat om een Denial-of-Service te veroorzaken of om ongeautoriseerde toegang te verkrijgen tot gevoelige gegevens en gegevens te manipuleren. Subcomponenten als de RDBMS Listener, Java VM, en andere componenten zijn specifiek kwetsbaar, met CVSS-scores vari\u00ebrend van 5.3 tot 7.5, wat duidt op een gematigd tot hoog risico.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Covert Timing Channel",
"title": "CWE-385"
},
{
"category": "general",
"text": "Improper Verification of Cryptographic Signature",
"title": "CWE-347"
},
{
"category": "general",
"text": "Improper Validation of Syntactic Correctness of Input",
"title": "CWE-1286"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "general",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "general",
"text": "Path Equivalence: \u0027file.name\u0027 (Internal Dot)",
"title": "CWE-44"
},
{
"category": "general",
"text": "Sensitive Information in Resource Not Removed Before Reuse",
"title": "CWE-226"
},
{
"category": "general",
"text": "Use of Incorrectly-Resolved Name or Reference",
"title": "CWE-706"
},
{
"category": "general",
"text": "Incorrect Resource Transfer Between Spheres",
"title": "CWE-669"
},
{
"category": "general",
"text": "Improper Handling of Exceptional Conditions",
"title": "CWE-755"
},
{
"category": "general",
"text": "Improper Handling of Case Sensitivity",
"title": "CWE-178"
},
{
"category": "general",
"text": "Off-by-one Error",
"title": "CWE-193"
},
{
"category": "general",
"text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"title": "CWE-601"
},
{
"category": "general",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
},
{
"category": "general",
"text": "Unprotected Transport of Credentials",
"title": "CWE-523"
},
{
"category": "general",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "general",
"text": "Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute",
"title": "CWE-614"
},
{
"category": "general",
"text": "Improper Authorization",
"title": "CWE-285"
},
{
"category": "general",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"title": "CWE-1321"
},
{
"category": "general",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "general",
"text": "Incomplete Cleanup",
"title": "CWE-459"
},
{
"category": "general",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"title": "CWE-74"
},
{
"category": "general",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "general",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "general",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
},
{
"category": "general",
"text": "Improper Privilege Management",
"title": "CWE-269"
},
{
"category": "general",
"text": "Improper Authentication",
"title": "CWE-287"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd; oracle",
"url": "https://www.oracle.com/security-alerts/cpuapr2025.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Database Producten",
"tracking": {
"current_release_date": "2025-04-16T08:37:39.412900Z",
"generator": {
"date": "2025-02-25T15:15:00Z",
"engine": {
"name": "V.A.",
"version": "1.0"
}
},
"id": "NCSC-2025-0123",
"initial_release_date": "2025-04-16T08:37:39.412900Z",
"revision_history": [
{
"date": "2025-04-16T08:37:39.412900Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/22.1",
"product": {
"name": "vers:unknown/22.1",
"product_id": "CSAFPID-1304603"
}
}
],
"category": "product_name",
"name": "Database Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/13.5.0.0",
"product": {
"name": "vers:unknown/13.5.0.0",
"product_id": "CSAFPID-1201359"
}
}
],
"category": "product_name",
"name": "Enterprise Manager for Oracle Database"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003e=19.1.0.0.0|\u003c=19.26.0.0.250219",
"product": {
"name": "vers:unknown/\u003e=19.1.0.0.0|\u003c=19.26.0.0.250219",
"product_id": "CSAFPID-2698376"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/\u003e=21.3|\u003c=21.17",
"product": {
"name": "vers:unknown/\u003e=21.3|\u003c=21.17",
"product_id": "CSAFPID-2698377"
}
}
],
"category": "product_name",
"name": "GoldenGate"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/23.1",
"product": {
"name": "vers:oracle/23.1",
"product_id": "CSAFPID-1238473"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/2.0",
"product": {
"name": "vers:unknown/2.0",
"product_id": "CSAFPID-1237753"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/20.2",
"product": {
"name": "vers:unknown/20.2",
"product_id": "CSAFPID-1238475"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/23.1",
"product": {
"name": "vers:unknown/23.1",
"product_id": "CSAFPID-1296375"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/none",
"product": {
"name": "vers:unknown/none",
"product_id": "CSAFPID-1237603"
}
}
],
"category": "product_name",
"name": "Big Data Spatial and Graph"
}
],
"category": "product_family",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=19.3|\u003c=19.22",
"product": {
"name": "vers:oracle/\u003e=19.3|\u003c=19.22",
"product_id": "CSAFPID-1145825"
}
},
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=21.3|\u003c=21.13",
"product": {
"name": "vers:oracle/\u003e=21.3|\u003c=21.13",
"product_id": "CSAFPID-1145826"
}
}
],
"category": "product_name",
"name": "Oracle Database Server"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=19.3|\u003c=19.26",
"product": {
"name": "vers:oracle/\u003e=19.3|\u003c=19.26",
"product_id": "CSAFPID-2698969",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=21.3|\u003c=21.17",
"product": {
"name": "vers:oracle/\u003e=21.3|\u003c=21.17",
"product_id": "CSAFPID-2698968",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=21.4|\u003c=21.16",
"product": {
"name": "vers:oracle/\u003e=21.4|\u003c=21.16",
"product_id": "CSAFPID-1839905",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=23.4|\u003c=23.7",
"product": {
"name": "vers:oracle/\u003e=23.4|\u003c=23.7",
"product_id": "CSAFPID-2698934",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle Database Server"
}
],
"category": "product_family",
"name": "Oracle Database Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/13.5.0.0",
"product": {
"name": "vers:oracle/13.5.0.0",
"product_id": "CSAFPID-1144644"
}
}
],
"category": "product_name",
"name": "Oracle Enterprise Manager for Oracle Database"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/1.5.0",
"product": {
"name": "vers:oracle/1.5.0",
"product_id": "CSAFPID-2699002",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:nosql_database:1.5.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/1.6.0",
"product": {
"name": "vers:oracle/1.6.0",
"product_id": "CSAFPID-2699003",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:nosql_database:1.6.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/1.6.1",
"product": {
"name": "vers:oracle/1.6.1",
"product_id": "CSAFPID-2699004",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:nosql_database:1.6.1:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle NoSQL Database"
}
],
"category": "product_family",
"name": "Oracle NoSQL Database"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=22.1.1.1.0|\u003c=22.1.1.30.0",
"product": {
"name": "vers:oracle/\u003e=22.1.1.1.0|\u003c=22.1.1.30.0",
"product_id": "CSAFPID-2699053",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle TimesTen In-Memory Database"
}
],
"category": "product_family",
"name": "Oracle TimesTen In-Memory Database"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/25.1.0",
"product": {
"name": "vers:oracle/25.1.0",
"product_id": "CSAFPID-2698932",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/25.2.0",
"product": {
"name": "vers:oracle/25.2.0",
"product_id": "CSAFPID-2698931",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=23.8.0|\u003c=23.11.0",
"product": {
"name": "vers:oracle/\u003e=23.8.0|\u003c=23.11.0",
"product_id": "CSAFPID-2698930",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=24.1.0|\u003c=24.11.0",
"product": {
"name": "vers:oracle/\u003e=24.1.0|\u003c=24.11.0",
"product_id": "CSAFPID-2698933",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Autonomous Health Framework"
}
],
"category": "product_family",
"name": "Oracle Autonomous Health Framework"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/21.7.1.0.0",
"product": {
"name": "vers:oracle/21.7.1.0.0",
"product_id": "CSAFPID-2698943",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:essbase:21.7.1.0.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle Essbase"
}
],
"category": "product_family",
"name": "Oracle Essbase"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=19.1.0.0.0|\u003c=19.1.0.0.10",
"product": {
"name": "vers:oracle/\u003e=19.1.0.0.0|\u003c=19.1.0.0.10",
"product_id": "CSAFPID-2698949",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "GoldenGate Stream Analytics"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=19.1.0.0.0|\u003c=19.26.0.0.250219",
"product": {
"name": "vers:oracle/\u003e=19.1.0.0.0|\u003c=19.26.0.0.250219",
"product_id": "CSAFPID-2698941",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=21.3|\u003c=21.17",
"product": {
"name": "vers:oracle/\u003e=21.3|\u003c=21.17",
"product_id": "CSAFPID-2698942",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate:21.3-21.17:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=23.4|\u003c=23.7",
"product": {
"name": "vers:oracle/\u003e=23.4|\u003c=23.7",
"product_id": "CSAFPID-2699022",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate:23.4-23.7:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle GoldenGate"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=19.1.0.0.0|\u003c=19.1.0.0.18",
"product": {
"name": "vers:oracle/\u003e=19.1.0.0.0|\u003c=19.1.0.0.18",
"product_id": "CSAFPID-1839977",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=21.3.0.0.0|\u003c=21.16.0.0.0",
"product": {
"name": "vers:oracle/\u003e=21.3.0.0.0|\u003c=21.16.0.0.0",
"product_id": "CSAFPID-1840034",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=23.4|\u003c=23.6",
"product": {
"name": "vers:oracle/\u003e=23.4|\u003c=23.6",
"product_id": "CSAFPID-1840035",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle GoldenGate Big Data and Application Adapters"
}
],
"category": "product_family",
"name": "Oracle GoldenGate"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=19.1.0.0.0|\u003c=19.1.0.0.7",
"product": {
"name": "vers:oracle/\u003e=19.1.0.0.0|\u003c=19.1.0.0.7",
"product_id": "CSAFPID-1144602"
}
}
],
"category": "product_name",
"name": "Oracle GoldenGate Stream Analytics"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/\u003c23.1",
"product": {
"name": "vers:oracle/\u003c23.1",
"product_id": "CSAFPID-1145800"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/2.0",
"product": {
"name": "vers:unknown/2.0",
"product_id": "CSAFPID-356315",
"product_identification_helper": {
"cpe": "cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:unknown/23.1",
"product": {
"name": "vers:unknown/23.1",
"product_id": "CSAFPID-356152"
}
}
],
"category": "product_name",
"name": "Big Data Spatial and Graph"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/23.4.3",
"product": {
"name": "vers:oracle/23.4.3",
"product_id": "CSAFPID-2699065",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graph_server_and_client:23.4.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/24.3.0",
"product": {
"name": "vers:oracle/24.3.0",
"product_id": "CSAFPID-2699066",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graph_server_and_client:24.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/23.4.4",
"product": {
"name": "vers:oracle/23.4.4",
"product_id": "CSAFPID-1840017",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graph_server_and_client:23.4.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/24.4.0",
"product": {
"name": "vers:oracle/24.4.0",
"product_id": "CSAFPID-1840013",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graph_server_and_client:24.4.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Graph Server and Client"
}
],
"category": "product_family",
"name": "Oracle Graph Server and Client"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/\u003c=22.4.7",
"product": {
"name": "vers:oracle/\u003c=22.4.7",
"product_id": "CSAFPID-1145419",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/\u003c=23.4.2",
"product": {
"name": "vers:oracle/\u003c=23.4.2",
"product_id": "CSAFPID-1145421",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/\u003c=24.1.0",
"product": {
"name": "vers:oracle/\u003c=24.1.0",
"product_id": "CSAFPID-1145422",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Graph Server and Client"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/3.0.6",
"product": {
"name": "vers:oracle/3.0.6",
"product_id": "CSAFPID-1145420",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle Big Data Spatial and Graph"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/12.1.0.1",
"product": {
"name": "vers:oracle/12.1.0.1",
"product_id": "CSAFPID-2699109",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:secure_backup:12.1.0.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/12.1.0.2",
"product": {
"name": "vers:oracle/12.1.0.2",
"product_id": "CSAFPID-2699107",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:secure_backup:12.1.0.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/12.1.0.3",
"product": {
"name": "vers:oracle/12.1.0.3",
"product_id": "CSAFPID-2699106",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:secure_backup:12.1.0.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/18.1.0.0",
"product": {
"name": "vers:oracle/18.1.0.0",
"product_id": "CSAFPID-2699110",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:secure_backup:18.1.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/18.1.0.1",
"product": {
"name": "vers:oracle/18.1.0.1",
"product_id": "CSAFPID-2698972",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:secure_backup:18.1.0.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/18.1.0.2",
"product": {
"name": "vers:oracle/18.1.0.2",
"product_id": "CSAFPID-2699108",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:secure_backup:18.1.0.2:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle Secure Backup"
}
],
"category": "product_family",
"name": "Oracle Secure Backup"
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:semver/19.3|\u003c=19.26",
"product": {
"name": "vers:semver/19.3|\u003c=19.26",
"product_id": "CSAFPID-2698485"
}
},
{
"category": "product_version_range",
"name": "vers:semver/21.3|\u003c=21.17",
"product": {
"name": "vers:semver/21.3|\u003c=21.17",
"product_id": "CSAFPID-2698486"
}
},
{
"category": "product_version_range",
"name": "vers:semver/23.4|\u003c=23.7",
"product": {
"name": "vers:semver/23.4|\u003c=23.7",
"product_id": "CSAFPID-2698487"
}
}
],
"category": "product_name",
"name": "Oracle Database Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:semver/12.1.0.1",
"product": {
"name": "vers:semver/12.1.0.1",
"product_id": "CSAFPID-2698463"
}
},
{
"category": "product_version_range",
"name": "vers:semver/12.1.0.2",
"product": {
"name": "vers:semver/12.1.0.2",
"product_id": "CSAFPID-2698464"
}
},
{
"category": "product_version_range",
"name": "vers:semver/12.1.0.3",
"product": {
"name": "vers:semver/12.1.0.3",
"product_id": "CSAFPID-2698465"
}
},
{
"category": "product_version_range",
"name": "vers:semver/18.1.0.0",
"product": {
"name": "vers:semver/18.1.0.0",
"product_id": "CSAFPID-2698466"
}
},
{
"category": "product_version_range",
"name": "vers:semver/18.1.0.1",
"product": {
"name": "vers:semver/18.1.0.1",
"product_id": "CSAFPID-2698467"
}
},
{
"category": "product_version_range",
"name": "vers:semver/18.1.0.2",
"product": {
"name": "vers:semver/18.1.0.2",
"product_id": "CSAFPID-2698468"
}
}
],
"category": "product_name",
"name": "Oracle Secure Backup"
}
],
"category": "vendor",
"name": "Oracle Corporation"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-1935",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"notes": [
{
"category": "other",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2020-1935",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-1935.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2020-1935"
},
{
"cve": "CVE-2020-1938",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"notes": [
{
"category": "other",
"text": "Improper Authorization",
"title": "CWE-285"
},
{
"category": "other",
"text": "Improper Privilege Management",
"title": "CWE-269"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2020-1938",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-1938.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2020-1938"
},
{
"cve": "CVE-2020-9484",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2020-9484",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-9484.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2020-9484"
},
{
"cve": "CVE-2020-11996",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2020-11996",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-11996.json"
}
],
"title": "CVE-2020-11996"
},
{
"cve": "CVE-2020-13935",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2020-13935",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-13935.json"
}
],
"title": "CVE-2020-13935"
},
{
"cve": "CVE-2020-13943",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2020-13943",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-13943.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2020-13943"
},
{
"cve": "CVE-2020-36843",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"notes": [
{
"category": "other",
"text": "Improper Verification of Cryptographic Signature",
"title": "CWE-347"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2020-36843",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-36843.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2020-36843"
},
{
"cve": "CVE-2021-24122",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-24122",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-24122.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2021-24122"
},
{
"cve": "CVE-2021-25122",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-25122",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-25122.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2021-25122"
},
{
"cve": "CVE-2021-25329",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-25329",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-25329.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2021-25329"
},
{
"cve": "CVE-2021-30640",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "other",
"text": "Improper Authentication",
"title": "CWE-287"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-30640",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-30640.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2021-30640"
},
{
"cve": "CVE-2021-33037",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"notes": [
{
"category": "other",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-33037",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-33037.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2021-33037"
},
{
"cve": "CVE-2021-41079",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-41079",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-41079.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2021-41079"
},
{
"cve": "CVE-2021-41184",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-41184",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-41184.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2021-41184"
},
{
"cve": "CVE-2021-42575",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-42575",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-42575.json"
}
],
"title": "CVE-2021-42575"
},
{
"cve": "CVE-2021-43980",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-43980",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-43980.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2021-43980"
},
{
"cve": "CVE-2022-3786",
"cwe": {
"id": "CWE-193",
"name": "Off-by-one Error"
},
"notes": [
{
"category": "other",
"text": "Off-by-one Error",
"title": "CWE-193"
},
{
"category": "other",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
},
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-3786",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-3786.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2022-3786"
},
{
"cve": "CVE-2022-25762",
"cwe": {
"id": "CWE-226",
"name": "Sensitive Information in Resource Not Removed Before Reuse"
},
"notes": [
{
"category": "other",
"text": "Sensitive Information in Resource Not Removed Before Reuse",
"title": "CWE-226"
},
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Improper Handling of Exceptional Conditions",
"title": "CWE-755"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-25762",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-25762.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2022-25762"
},
{
"cve": "CVE-2022-42252",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"notes": [
{
"category": "other",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-42252",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-42252.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2022-42252"
},
{
"cve": "CVE-2023-28708",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "other",
"text": "Unprotected Transport of Credentials",
"title": "CWE-523"
},
{
"category": "other",
"text": "Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute",
"title": "CWE-614"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-28708",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-28708.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2023-28708"
},
{
"cve": "CVE-2023-34053",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-34053",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-34053.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2023-34053"
},
{
"cve": "CVE-2023-41080",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"notes": [
{
"category": "other",
"text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"title": "CWE-601"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-41080",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-41080.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2023-41080"
},
{
"cve": "CVE-2023-42795",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"notes": [
{
"category": "other",
"text": "Incomplete Cleanup",
"title": "CWE-459"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-42795",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-42795.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2023-42795"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-44487",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-44487.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2023-44487"
},
{
"cve": "CVE-2023-45648",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-45648",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-45648.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2023-45648"
},
{
"cve": "CVE-2023-46589",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"notes": [
{
"category": "other",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-46589",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46589.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2023-46589"
},
{
"cve": "CVE-2024-6763",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"notes": [
{
"category": "other",
"text": "Improper Validation of Syntactic Correctness of Input",
"title": "CWE-1286"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-6763",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6763.json"
}
],
"title": "CVE-2024-6763"
},
{
"cve": "CVE-2024-8176",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-8176",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-8176.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2024-8176"
},
{
"cve": "CVE-2024-8184",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-8184",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-8184.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2024-8184"
},
{
"cve": "CVE-2024-9143",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-9143",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-9143.json"
}
],
"title": "CVE-2024-9143"
},
{
"cve": "CVE-2024-11053",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-11053",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-11053.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2024-11053"
},
{
"cve": "CVE-2024-11233",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-11233",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-11233.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2024-11233"
},
{
"cve": "CVE-2024-11234",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
},
{
"category": "other",
"text": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"title": "CWE-74"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-11234",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-11234.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2024-11234"
},
{
"cve": "CVE-2024-11236",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-11236",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-11236.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2024-11236"
},
{
"cve": "CVE-2024-13176",
"cwe": {
"id": "CWE-385",
"name": "Covert Timing Channel"
},
"notes": [
{
"category": "other",
"text": "Covert Timing Channel",
"title": "CWE-385"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-13176",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-13176.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2024-13176"
},
{
"cve": "CVE-2024-23672",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"notes": [
{
"category": "other",
"text": "Incomplete Cleanup",
"title": "CWE-459"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-23672",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23672.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2024-23672"
},
{
"cve": "CVE-2024-24549",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-24549",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24549.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2024-24549"
},
{
"cve": "CVE-2024-36114",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-36114",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-36114.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2024-36114"
},
{
"cve": "CVE-2024-37891",
"cwe": {
"id": "CWE-669",
"name": "Incorrect Resource Transfer Between Spheres"
},
"notes": [
{
"category": "other",
"text": "Incorrect Resource Transfer Between Spheres",
"title": "CWE-669"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-37891",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37891.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2024-37891"
},
{
"cve": "CVE-2024-38819",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38819",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38819.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2024-38819"
},
{
"cve": "CVE-2024-38820",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "other",
"text": "Improper Handling of Case Sensitivity",
"title": "CWE-178"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38820",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38820.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2024-38820"
},
{
"cve": "CVE-2024-38999",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"title": "CWE-1321"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38999",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38999.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2024-38999"
},
{
"cve": "CVE-2024-39338",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"notes": [
{
"category": "other",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-39338",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39338.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2024-39338"
},
{
"cve": "CVE-2024-47554",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-47554",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47554.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2024-47554"
},
{
"cve": "CVE-2024-47561",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-47561",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47561.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2024-47561"
},
{
"cve": "CVE-2024-53382",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-53382",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-53382.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2024-53382"
},
{
"cve": "CVE-2024-57699",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-57699",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-57699.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2024-57699"
},
{
"cve": "CVE-2025-21578",
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-21578",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21578.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2025-21578"
},
{
"cve": "CVE-2025-24813",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "other",
"text": "Path Equivalence: \u0027file.name\u0027 (Internal Dot)",
"title": "CWE-44"
},
{
"category": "other",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
},
{
"category": "other",
"text": "Use of Incorrectly-Resolved Name or Reference",
"title": "CWE-706"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-24813",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-24813.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2025-24813"
},
{
"cve": "CVE-2025-24970",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-24970",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-24970.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2025-24970"
},
{
"cve": "CVE-2025-25193",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-25193",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-25193.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2025-25193"
},
{
"cve": "CVE-2025-26791",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-26791",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-26791.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2025-26791"
},
{
"cve": "CVE-2025-30694",
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-30694",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30694.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2025-30694"
},
{
"cve": "CVE-2025-30701",
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-30701",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30701.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2025-30701"
},
{
"cve": "CVE-2025-30702",
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-30702",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30702.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2025-30702"
},
{
"cve": "CVE-2025-30733",
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-30733",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30733.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2025-30733"
},
{
"cve": "CVE-2025-30736",
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-30736",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30736.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2025-30736"
}
]
}
NCSC-2024-0294
Vulnerability from csaf_ncscnl - Published: 2024-07-17 13:52 - Updated: 2024-07-17 13:52Summary
Kwetsbaarheden verholpen in Oracle Communications
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Er zijn kwetsbaarheden verholpen in Oracle Communications.
Interpretaties
Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
* Denial-of-Service (DoS)
* Toegang tot gevoelige gegevens
* Toegang tot systeemgegevens
* Manipulatie van gegevens
* (Remote) code execution (Gebruikersrechten)
Oplossingen
Oracle heeft updates beschikbaar gesteld om de kwetsbaarheden te verhelpen. Zie de referenties voor meer informatie.
Kans
medium
Schade
high
CWE-681
Incorrect Conversion between Numeric Types
CWE-770
Allocation of Resources Without Limits or Throttling
CWE-787
Out-of-bounds Write
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CWE-918
Server-Side Request Forgery (SSRF)
CWE-192
Integer Coercion Error
CWE-20
Improper Input Validation
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-222
Truncation of Security-relevant Information
CWE-284
Improper Access Control
CWE-295
Improper Certificate Validation
CWE-345
Insufficient Verification of Data Authenticity
CWE-352
Cross-Site Request Forgery (CSRF)
CWE-390
Detection of Error Condition Without Action
CWE-400
Uncontrolled Resource Consumption
CWE-404
Improper Resource Shutdown or Release
CWE-405
Asymmetric Resource Consumption (Amplification)
CWE-416
Use After Free
CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CWE-450
Multiple Interpretations of UI Input
CWE-459
Incomplete Cleanup
CWE-476
NULL Pointer Dereference
CWE-502
Deserialization of Untrusted Data
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Er zijn kwetsbaarheden verholpen in Oracle Communications.",
"title": "Feiten"
},
{
"category": "description",
"text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n* Denial-of-Service (DoS)\n* Toegang tot gevoelige gegevens\n* Toegang tot systeemgegevens\n* Manipulatie van gegevens\n* (Remote) code execution (Gebruikersrechten)",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates beschikbaar gesteld om de kwetsbaarheden te verhelpen. Zie de referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Incorrect Conversion between Numeric Types",
"title": "CWE-681"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "general",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
},
{
"category": "general",
"text": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"title": "CWE-88"
},
{
"category": "general",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "general",
"text": "Integer Coercion Error",
"title": "CWE-192"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "general",
"text": "Truncation of Security-relevant Information",
"title": "CWE-222"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "general",
"text": "Insufficient Verification of Data Authenticity",
"title": "CWE-345"
},
{
"category": "general",
"text": "Cross-Site Request Forgery (CSRF)",
"title": "CWE-352"
},
{
"category": "general",
"text": "Detection of Error Condition Without Action",
"title": "CWE-390"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Asymmetric Resource Consumption (Amplification)",
"title": "CWE-405"
},
{
"category": "general",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "general",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
},
{
"category": "general",
"text": "Multiple Interpretations of UI Input",
"title": "CWE-450"
},
{
"category": "general",
"text": "Incomplete Cleanup",
"title": "CWE-459"
},
{
"category": "general",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "general",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "general",
"text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"title": "CWE-601"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10086"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29425"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41184"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34169"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42890"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48174"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24998"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37920"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46589"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51775"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52425"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5685"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0450"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22019"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22201"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22234"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22257"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22262"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23672"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23807"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23897"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24549"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25062"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25710"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26130"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26308"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27316"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28182"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28752"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28849"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29025"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2961"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34064"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34069"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6162"
},
{
"category": "external",
"summary": "Reference - oracle",
"url": "https://www.oracle.com/docs/tech/security-alerts/cpujul2024csaf.json"
},
{
"category": "external",
"summary": "Reference - cveprojectv5; ibm; nvd; oracle",
"url": "https://www.oracle.com/security-alerts/cpujul2024.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Communications",
"tracking": {
"current_release_date": "2024-07-17T13:52:53.293003Z",
"id": "NCSC-2024-0294",
"initial_release_date": "2024-07-17T13:52:53.293003Z",
"revision_history": [
{
"date": "2024-07-17T13:52:53.293003Z",
"number": "0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "communications_asap",
"product": {
"name": "communications_asap",
"product_id": "CSAFPID-204629",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_asap:7.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_asap",
"product": {
"name": "communications_asap",
"product_id": "CSAFPID-816792",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-10086",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
}
],
"product_status": {
"known_affected": [
"CSAFPID-204629",
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2019-10086",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2019/CVE-2019-10086.json"
}
],
"title": "CVE-2019-10086"
},
{
"cve": "CVE-2021-29425",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
}
],
"product_status": {
"known_affected": [
"CSAFPID-204629",
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-29425",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-29425.json"
}
],
"title": "CVE-2021-29425"
},
{
"cve": "CVE-2021-37533",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-37533",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-37533.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2021-37533"
},
{
"cve": "CVE-2021-41184",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
}
],
"product_status": {
"known_affected": [
"CSAFPID-204629",
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-41184",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-41184.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-204629",
"CSAFPID-816792"
]
}
],
"title": "CVE-2021-41184"
},
{
"cve": "CVE-2022-34169",
"cwe": {
"id": "CWE-192",
"name": "Integer Coercion Error"
},
"notes": [
{
"category": "other",
"text": "Integer Coercion Error",
"title": "CWE-192"
},
{
"category": "other",
"text": "Incorrect Conversion between Numeric Types",
"title": "CWE-681"
}
],
"product_status": {
"known_affected": [
"CSAFPID-204629",
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-34169",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-34169.json"
}
],
"title": "CVE-2022-34169"
},
{
"cve": "CVE-2022-36033",
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-36033",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-36033.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2022-36033"
},
{
"cve": "CVE-2022-42890",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"notes": [
{
"category": "other",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-42890",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-42890.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2022-42890"
},
{
"cve": "CVE-2022-48174",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-48174",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-48174.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2022-48174"
},
{
"cve": "CVE-2023-5685",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-5685",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5685.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2023-5685"
},
{
"cve": "CVE-2023-24998",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-24998",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-24998.json"
}
],
"title": "CVE-2023-24998"
},
{
"cve": "CVE-2023-33201",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-33201",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-33201.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2023-33201"
},
{
"cve": "CVE-2023-37920",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "other",
"text": "Insufficient Verification of Data Authenticity",
"title": "CWE-345"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-37920",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-37920.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2023-37920"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-44487",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-44487.json"
}
],
"title": "CVE-2023-44487"
},
{
"cve": "CVE-2023-46589",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"notes": [
{
"category": "other",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-46589",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46589.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2023-46589"
},
{
"cve": "CVE-2023-48795",
"cwe": {
"id": "CWE-222",
"name": "Truncation of Security-relevant Information"
},
"notes": [
{
"category": "other",
"text": "Truncation of Security-relevant Information",
"title": "CWE-222"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-48795",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-48795.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2023-48795"
},
{
"cve": "CVE-2023-51775",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-51775",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-51775.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2023-51775"
},
{
"cve": "CVE-2023-52425",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-52425",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52425.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2023-52425"
},
{
"cve": "CVE-2024-0450",
"cwe": {
"id": "CWE-450",
"name": "Multiple Interpretations of UI Input"
},
"notes": [
{
"category": "other",
"text": "Multiple Interpretations of UI Input",
"title": "CWE-450"
},
{
"category": "other",
"text": "Asymmetric Resource Consumption (Amplification)",
"title": "CWE-405"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-0450",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0450.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-0450"
},
{
"cve": "CVE-2024-2961",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-2961",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2961.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-2961"
},
{
"cve": "CVE-2024-6162",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-6162",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6162.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-6162"
},
{
"cve": "CVE-2024-22019",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-22019",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22019.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-22019"
},
{
"cve": "CVE-2024-22201",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-22201",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22201.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-22201"
},
{
"cve": "CVE-2024-22234",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-22234",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22234.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-22234"
},
{
"cve": "CVE-2024-22257",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-22257",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22257.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-22257"
},
{
"cve": "CVE-2024-22262",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"notes": [
{
"category": "other",
"text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"title": "CWE-601"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-22262",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22262.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-22262"
},
{
"cve": "CVE-2024-23672",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"notes": [
{
"category": "other",
"text": "Incomplete Cleanup",
"title": "CWE-459"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-23672",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23672.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-23672"
},
{
"cve": "CVE-2024-23807",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-23807",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23807.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-23807"
},
{
"cve": "CVE-2024-23897",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "other",
"text": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"title": "CWE-88"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-23897",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23897.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-23897"
},
{
"cve": "CVE-2024-24549",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-24549",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24549.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-24549"
},
{
"cve": "CVE-2024-25062",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-25062",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25062.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-25062"
},
{
"cve": "CVE-2024-25710",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "other",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-25710",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25710.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-25710"
},
{
"cve": "CVE-2024-26130",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-26130",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26130.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-26130"
},
{
"cve": "CVE-2024-26308",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-26308",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26308.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-26308"
},
{
"cve": "CVE-2024-27316",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-27316",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27316.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-27316"
},
{
"cve": "CVE-2024-28182",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Detection of Error Condition Without Action",
"title": "CWE-390"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-28182",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28182.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-28182"
},
{
"cve": "CVE-2024-28752",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"notes": [
{
"category": "other",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-28752",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28752.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-28752"
},
{
"cve": "CVE-2024-28849",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-28849",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28849.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-28849"
},
{
"cve": "CVE-2024-29025",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-29025",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29025.json"
}
],
"title": "CVE-2024-29025"
},
{
"cve": "CVE-2024-34064",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-34064",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34064.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-34064"
},
{
"cve": "CVE-2024-34069",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"notes": [
{
"category": "other",
"text": "Cross-Site Request Forgery (CSRF)",
"title": "CWE-352"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-34069",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34069.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-34069"
}
]
}
CERTFR-2022-AVI-370
Vulnerability from certfr_avis - Published: 2022-04-21 - Updated: 2022-04-21
De multiples vulnérabilités ont été découvertes dans Tenable.sc. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneReferences
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tenable.sc versions ant\u00e9rieures \u00e0 5.21.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Tenable",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-41182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
},
{
"name": "CVE-2022-24828",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24828"
},
{
"name": "CVE-2021-21707",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21707"
},
{
"name": "CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"name": "CVE-2021-41183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
},
{
"name": "CVE-2022-23943",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23943"
},
{
"name": "CVE-2022-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24785"
},
{
"name": "CVE-2022-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
},
{
"name": "CVE-2021-41116",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41116"
}
],
"initial_release_date": "2022-04-21T00:00:00",
"last_revision_date": "2022-04-21T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-370",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-04-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable.sc.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable.sc",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2022-09 du 20 avril 2022",
"url": "https://www.tenable.com/security/tns-2022-09"
}
]
}
CERTFR-2022-AVI-429
Vulnerability from certfr_avis - Published: 2022-05-10 - Updated: 2022-05-10
De multiples vulnérabilités ont été découvertes dans Nessus Network Monitor. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Contournement provisoire
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Tenable | Nessus Network Monitor | Nessus Network Monitor versions antérieures à 6.0.1 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nessus Network Monitor versions ant\u00e9rieures \u00e0 6.0.1",
"product": {
"name": "Nessus Network Monitor",
"vendor": {
"name": "Tenable",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n\n## Contournement provisoire\n",
"cves": [
{
"name": "CVE-2021-41182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
},
{
"name": "CVE-2021-4160",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4160"
},
{
"name": "CVE-2021-3711",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3711"
},
{
"name": "CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"name": "CVE-2021-41183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
},
{
"name": "CVE-2022-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
},
{
"name": "CVE-2021-3712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
}
],
"initial_release_date": "2022-05-10T00:00:00",
"last_revision_date": "2022-05-10T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-429",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-05-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Nessus Network\nMonitor. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Nessus Network Monitor",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nessus tns-2022-10 du 09 mai 2022",
"url": "https://www.tenable.com/security/tns-2022-10"
}
]
}
CERTFR-2023-AVI-0671
Vulnerability from certfr_avis - Published: 2023-08-21 - Updated: 2023-08-21
De multiples vulnérabilités ont été découvertes dans Moodle. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Moodle | Moodle | Moodle versions antérieures à 3.9.23 | ||
| Moodle | Moodle | Moodle versions 3.11.x antérieures à 3.11.16 | ||
| Moodle | Moodle | Moodle versions 4.0.x antérieures à 4.0.10 | ||
| Moodle | Moodle | Moodle versions 4.1.x antérieures à 4.1.5 | ||
| Moodle | Moodle | Moodle versions 4.2.x antérieures à 4.2.2 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Moodle versions ant\u00e9rieures \u00e0 3.9.23",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 3.11.x ant\u00e9rieures \u00e0 3.11.16",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 4.0.x ant\u00e9rieures \u00e0 4.0.10",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 4.1.x ant\u00e9rieures \u00e0 4.1.5",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 4.2.x ant\u00e9rieures \u00e0 4.2.2",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-40324",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40324"
},
{
"name": "CVE-2023-40323",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40323"
},
{
"name": "CVE-2023-40319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40319"
},
{
"name": "CVE-2022-31160",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31160"
},
{
"name": "CVE-2021-41182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
},
{
"name": "CVE-2023-40318",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40318"
},
{
"name": "CVE-2023-40320",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40320"
},
{
"name": "CVE-2023-40322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40322"
},
{
"name": "CVE-2023-40316",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40316"
},
{
"name": "CVE-2023-40321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40321"
},
{
"name": "CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"name": "CVE-2021-41183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
},
{
"name": "CVE-2022-39369",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39369"
},
{
"name": "CVE-2023-40325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40325"
},
{
"name": "CVE-2023-40317",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40317"
}
],
"initial_release_date": "2023-08-21T00:00:00",
"last_revision_date": "2023-08-21T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0671",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-08-21T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Moodle. Certaines\nd\u0027entre elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code arbitraire \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Moodle",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0020 du 21 ao\u00fbt 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=449641"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0026 du 21 ao\u00fbt 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=449647"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0025 du 21 ao\u00fbt 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=449646"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0024 du 21 ao\u00fbt 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=449645"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0030 du 21 ao\u00fbt 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=449651"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0028 du 21 ao\u00fbt 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=449649"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0029 du 21 ao\u00fbt 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=449650"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0023 du 21 ao\u00fbt 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=449644"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0021 du 21 ao\u00fbt 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=449642"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0022 du 21 ao\u00fbt 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=449643"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0027 du 21 ao\u00fbt 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=449648"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0019 du 21 ao\u00fbt 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=449640"
}
]
}
CERTFR-2022-AVI-654
Vulnerability from certfr_avis - Published: 2022-07-20 - Updated: 2022-07-20
De multiples vulnérabilités ont été découvertes dans Oracle Database Server. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
- Oracle Database version 12.1.0.2
- Oracle Database version 19c
- Oracle Database version 21c
- Oracle Application Express versions antérieures à 22.1.1
Les versions d'Oracle Database qui ne sont plus sous maintenance sont affectées par la vulnérabilité CVE-2022-21510.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cul\u003e \u003cli\u003eOracle Database version 12.1.0.2\u003c/li\u003e \u003cli\u003eOracle Database version 19c\u003c/li\u003e \u003cli\u003eOracle Database version 21c\u003c/li\u003e \u003cli\u003eOracle Application Express versions ant\u00e9rieures \u00e0 22.1.1\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eLes versions d\u0027Oracle Database qui ne sont plus sous maintenance sont affect\u00e9es par la vuln\u00e9rabilit\u00e9 CVE-2022-21510.\u003c/p\u003e ",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-45943",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45943"
},
{
"name": "CVE-2020-26185",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26185"
},
{
"name": "CVE-2021-41182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
},
{
"name": "CVE-2022-21511",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21511"
},
{
"name": "CVE-2022-21565",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21565"
},
{
"name": "CVE-2020-29508",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29508"
},
{
"name": "CVE-2022-24728",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24728"
},
{
"name": "CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"name": "CVE-2021-41183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
},
{
"name": "CVE-2020-35164",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35164"
},
{
"name": "CVE-2020-29505",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29505"
},
{
"name": "CVE-2022-21432",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21432"
},
{
"name": "CVE-2022-24729",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24729"
},
{
"name": "CVE-2020-29507",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29507"
},
{
"name": "CVE-2020-29506",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29506"
},
{
"name": "CVE-2022-0839",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0839"
},
{
"name": "CVE-2020-35166",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35166"
},
{
"name": "CVE-2020-35163",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35163"
},
{
"name": "CVE-2020-36518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
},
{
"name": "CVE-2020-35168",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35168"
},
{
"name": "CVE-2020-35169",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35169"
},
{
"name": "CVE-2022-29885",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29885"
},
{
"name": "CVE-2022-21510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21510"
},
{
"name": "CVE-2020-35167",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35167"
}
],
"initial_release_date": "2022-07-20T00:00:00",
"last_revision_date": "2022-07-20T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-654",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-07-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Database\nServer. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire, un d\u00e9ni de service \u00e0 distance et une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Database Server",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2022 du 19 juillet 2022",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html#AppendixDB"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2022verbose du 19 juillet 2022",
"url": "https://www.oracle.com/security-alerts/cpujul2022verbose.html#DB"
}
]
}
CERTFR-2022-AVI-205
Vulnerability from certfr_avis - Published: 2022-03-04 - Updated: 2022-03-04
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Spectrum Control versions ant\u00e9rieures \u00e0 5.4.6",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Security QRadar SOAR versions ant\u00e9rieures \u00e0 44.0",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-41182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
},
{
"name": "CVE-2021-35565",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35565"
},
{
"name": "CVE-2021-39031",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39031"
},
{
"name": "CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"name": "CVE-2021-41183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
},
{
"name": "CVE-2021-35588",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35588"
},
{
"name": "CVE-2021-23450",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23450"
},
{
"name": "CVE-2021-35578",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35578"
},
{
"name": "CVE-2021-35564",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35564"
},
{
"name": "CVE-2021-44832",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44832"
},
{
"name": "CVE-2021-234550",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-234550"
},
{
"name": "CVE-2021-35560",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35560"
}
],
"initial_release_date": "2022-03-04T00:00:00",
"last_revision_date": "2022-03-04T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-205",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-03-04T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6561029 du 03 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6561029"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6561005 du 03 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6561005"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6560969 du 03 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6560969"
}
]
}
CERTFR-2022-AVI-904
Vulnerability from certfr_avis - Published: 2022-10-12 - Updated: 2022-10-12
De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SAP | N/A | SAP Enable Now version 10 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform (Version Management System) versions 420 et 430 | ||
| SAP | N/A | Product–SAP Commerce versions 1905, 2005, 2105, 2011, 2205 | ||
| SAP | N/A | SAP Commerce versions 1905, 2005, 2105, 2011 et 2205 | ||
| SAP | N/A | SAP Data Services Management Console versions 4.2 et 4.3 | ||
| SAP | N/A | SAP SQL Anywhere version 17.0 | ||
| SAP | N/A | SAP Customer Data Cloud (Gigya) version 7.4 | ||
| SAP | N/A | SAP 3D Visual Enterprise Viewer version 9 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform (BI LaunchPad) versions 420 et 430 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence platform (Analysis for OLAP) versions 420 et 430 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform (Program Objects) versions 420 et 430 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform(Admin Tools/Query Builder) versions 420 et 430 | ||
| SAP | N/A | SAP Business Objects Platform (MonitoringDB) version 430 | ||
| SAP | N/A | SAP Manufacturing Execution versions 15.1, 15.2 et 15.3 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform (CommentaryDB) versions 420 et 430 | ||
| SAP | N/A | SAP 3D Visual Enterprise Author version 9 | ||
| SAP | N/A | SAP IQ version 16.1 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SAP Enable Now version 10",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform (Version Management System) versions 420 et 430",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Product\u2013SAP Commerce versions 1905, 2005, 2105, 2011, 2205",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Commerce versions 1905, 2005, 2105, 2011 et 2205",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Data Services Management Console versions 4.2 et 4.3",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP SQL Anywhere version 17.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Customer Data Cloud (Gigya) version 7.4",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP 3D Visual Enterprise Viewer version 9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform (BI LaunchPad) versions 420 et 430",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence platform (Analysis for OLAP) versions 420 et 430",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform (Program Objects) versions 420 et 430",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform(Admin Tools/Query Builder) versions 420 et 430",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Business Objects Platform (MonitoringDB) version 430",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Manufacturing Execution versions 15.1, 15.2 et 15.3",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform (CommentaryDB) versions 420 et 430",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP 3D Visual Enterprise Author version 9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP IQ version 16.1",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-41185",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41185"
},
{
"name": "CVE-2022-41206",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41206"
},
{
"name": "CVE-2022-39808",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39808"
},
{
"name": "CVE-2022-39803",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39803"
},
{
"name": "CVE-2022-41175",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41175"
},
{
"name": "CVE-2022-41168",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41168"
},
{
"name": "CVE-2022-41193",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41193"
},
{
"name": "CVE-2022-41174",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41174"
},
{
"name": "CVE-2022-41183",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41183"
},
{
"name": "CVE-2022-39807",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39807"
},
{
"name": "CVE-2022-41169",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41169"
},
{
"name": "CVE-2022-35296",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35296"
},
{
"name": "CVE-2022-35297",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35297"
},
{
"name": "CVE-2022-41197",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41197"
},
{
"name": "CVE-2022-41189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41189"
},
{
"name": "CVE-2022-41192",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41192"
},
{
"name": "CVE-2022-41180",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41180"
},
{
"name": "CVE-2022-41182",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41182"
},
{
"name": "CVE-2022-41167",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41167"
},
{
"name": "CVE-2022-41191",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41191"
},
{
"name": "CVE-2022-39805",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39805"
},
{
"name": "CVE-2022-41200",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41200"
},
{
"name": "CVE-2022-41210",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41210"
},
{
"name": "CVE-2022-39804",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39804"
},
{
"name": "CVE-2022-39800",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39800"
},
{
"name": "CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"name": "CVE-2022-41178",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41178"
},
{
"name": "CVE-2022-41170",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41170"
},
{
"name": "CVE-2022-35226",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35226"
},
{
"name": "CVE-2022-41195",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41195"
},
{
"name": "CVE-2022-41201",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41201"
},
{
"name": "CVE-2022-32244",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32244"
},
{
"name": "CVE-2022-41209",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41209"
},
{
"name": "CVE-2022-41202",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41202"
},
{
"name": "CVE-2022-41172",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41172"
},
{
"name": "CVE-2022-41190",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41190"
},
{
"name": "CVE-2022-41204",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41204"
},
{
"name": "CVE-2022-41171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41171"
},
{
"name": "CVE-2022-41199",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41199"
},
{
"name": "CVE-2022-41176",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41176"
},
{
"name": "CVE-2022-41198",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41198"
},
{
"name": "CVE-2022-41181",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41181"
},
{
"name": "CVE-2022-41166",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41166"
},
{
"name": "CVE-2022-39013",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39013"
},
{
"name": "CVE-2022-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41184"
},
{
"name": "CVE-2022-35292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35292"
},
{
"name": "CVE-2022-39802",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39802"
},
{
"name": "CVE-2022-31596",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31596"
},
{
"name": "CVE-2022-39015",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39015"
},
{
"name": "CVE-2022-41196",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41196"
},
{
"name": "CVE-2022-41186",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41186"
},
{
"name": "CVE-2022-41187",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41187"
},
{
"name": "CVE-2022-39806",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39806"
},
{
"name": "CVE-2022-41177",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41177"
},
{
"name": "CVE-2022-41173",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41173"
},
{
"name": "CVE-2022-41188",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41188"
},
{
"name": "CVE-2022-41179",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41179"
},
{
"name": "CVE-2022-41194",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41194"
}
],
"initial_release_date": "2022-10-12T00:00:00",
"last_revision_date": "2022-10-12T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-904",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-10-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SAP du 12 octobre 2022",
"url": "https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a\u0026rc=1"
}
]
}
CERTFR-2022-AVI-962
Vulnerability from certfr_avis - Published: 2022-10-28 - Updated: 2022-10-28
De multiples vulnérabilités ont été découvertes dans Tenable Nessus. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneReferences
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nessus versions ant\u00e9rieures \u00e0 10.4.0",
"product": {
"name": "Nessus",
"vendor": {
"name": "Tenable",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-31160",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31160"
},
{
"name": "CVE-2022-3498",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3498"
},
{
"name": "CVE-2021-41182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
},
{
"name": "CVE-2016-10744",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10744"
},
{
"name": "CVE-2022-3499",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3499"
},
{
"name": "CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"name": "CVE-2021-41183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
}
],
"initial_release_date": "2022-10-28T00:00:00",
"last_revision_date": "2022-10-28T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-962",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-10-28T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Nessus.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable Nessus",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2022-21 du 27 octobre 2022",
"url": "https://www.tenable.com/security/tns-2022-21"
}
]
}
CERTFR-2022-AVI-365
Vulnerability from certfr_avis - Published: 2022-04-20 - Updated: 2022-04-20
De multiples vulnérabilités ont été découvertes dans Oracle MySQL. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | MySQL | MySQL Cluster versions 7.5.25 et antérieures | ||
| Oracle | MySQL | MySQL Workbench versions 8.0.28 et antérieures | ||
| Oracle | MySQL | MySQL Cluster versions 8.0.28 et antérieures | ||
| Oracle | MySQL | MySQL Cluster versions 7.4.35 et antérieures | ||
| Oracle | MySQL | MySQL Server versions 8.0.28 et antérieures | ||
| Oracle | MySQL | MySQL Server versions 5.7.37 et antérieures | ||
| Oracle | MySQL | MySQL Cluster versions 7.6.21 et antérieures | ||
| Oracle | MySQL | MySQL Connectors versions 8.0.28 et antérieures | ||
| Oracle | MySQL | MySQL Enterprise Monitor versions 8.0.29 et antérieures |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MySQL Cluster versions 7.5.25 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Workbench versions 8.0.28 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster versions 8.0.28 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster versions 7.4.35 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server versions 8.0.28 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server versions 5.7.37 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster versions 7.6.21 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Connectors versions 8.0.28 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Monitor versions 8.0.29 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-21436",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21436"
},
{
"name": "CVE-2022-21418",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21418"
},
{
"name": "CVE-2022-21435",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21435"
},
{
"name": "CVE-2022-21460",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21460"
},
{
"name": "CVE-2022-21452",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21452"
},
{
"name": "CVE-2022-21415",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21415"
},
{
"name": "CVE-2022-21440",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21440"
},
{
"name": "CVE-2022-21479",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21479"
},
{
"name": "CVE-2022-21414",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21414"
},
{
"name": "CVE-2022-21490",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21490"
},
{
"name": "CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"name": "CVE-2022-21451",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21451"
},
{
"name": "CVE-2022-21457",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21457"
},
{
"name": "CVE-2022-21413",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21413"
},
{
"name": "CVE-2022-21417",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21417"
},
{
"name": "CVE-2022-21437",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21437"
},
{
"name": "CVE-2022-21425",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21425"
},
{
"name": "CVE-2022-21486",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21486"
},
{
"name": "CVE-2022-21489",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21489"
},
{
"name": "CVE-2022-21485",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21485"
},
{
"name": "CVE-2022-21484",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21484"
},
{
"name": "CVE-2022-21444",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21444"
},
{
"name": "CVE-2022-21427",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21427"
},
{
"name": "CVE-2022-21462",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21462"
},
{
"name": "CVE-2022-21478",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21478"
},
{
"name": "CVE-2022-21459",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21459"
},
{
"name": "CVE-2022-21412",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21412"
},
{
"name": "CVE-2022-21423",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21423"
},
{
"name": "CVE-2022-21438",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21438"
}
],
"initial_release_date": "2022-04-20T00:00:00",
"last_revision_date": "2022-04-20T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-365",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-04-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle MySQL.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni\nde service \u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9 et\nune atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle MySQL",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2022 du 19 avril 2022",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html#AppendixMSQL"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle verbose cpuapr2022 du 19 avril 2022",
"url": "https://www.oracle.com/security-alerts/cpuapr2022verbose.html#MSQL"
}
]
}
CERTFR-2023-AVI-0701
Vulnerability from certfr_avis - Published: 2023-08-31 - Updated: 2023-08-31
De multiples vulnérabilités ont été découvertes dans Splunk. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Splunk | Universal Forwarder | Universal Forwarder versions 9.0.x antérieures à 9.0.6 | ||
| Splunk | N/A | Splunk ITSI versions 4.15.x antérieures à 4.15.3 | ||
| Splunk | Universal Forwarder | Universal Forwarder versions 8.2.x antérieures à 8.2.12 | ||
| Splunk | N/A | Splunk Cloud versions antérieures à 9.0.2305.200 | ||
| Splunk | Universal Forwarder | Universal Forwarder versions 9.1.x antérieures à 9.1.1 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 8.2.x antérieures à 8.2.12 | ||
| Splunk | N/A | Splunk ITSI versions 4.13.x antérieures à 4.13.3 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 9.1.x antérieures à 9.1.1 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 9.0.x antérieures à 9.0.6 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Universal Forwarder versions 9.0.x ant\u00e9rieures \u00e0 9.0.6",
"product": {
"name": "Universal Forwarder",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk ITSI versions 4.15.x ant\u00e9rieures \u00e0 4.15.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Universal Forwarder versions 8.2.x ant\u00e9rieures \u00e0 8.2.12",
"product": {
"name": "Universal Forwarder",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud versions ant\u00e9rieures \u00e0 9.0.2305.200",
"product": {
"name": "N/A",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Universal Forwarder versions 9.1.x ant\u00e9rieures \u00e0 9.1.1",
"product": {
"name": "Universal Forwarder",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 8.2.x ant\u00e9rieures \u00e0 8.2.12",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk ITSI versions 4.13.x ant\u00e9rieures \u00e0 4.13.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 9.1.x ant\u00e9rieures \u00e0 9.1.1",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 9.0.x ant\u00e9rieures \u00e0 9.0.6",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-22898",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22898"
},
{
"name": "CVE-2022-40899",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40899"
},
{
"name": "CVE-2022-35252",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35252"
},
{
"name": "CVE-2022-31129",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31129"
},
{
"name": "CVE-2022-32189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
},
{
"name": "CVE-2021-27919",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27919"
},
{
"name": "CVE-2019-20454",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20454"
},
{
"name": "CVE-2021-29425",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29425"
},
{
"name": "CVE-2022-30631",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
},
{
"name": "CVE-2022-27191",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27191"
},
{
"name": "CVE-2022-46175",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
},
{
"name": "CVE-2020-8169",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8169"
},
{
"name": "CVE-2022-27781",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27781"
},
{
"name": "CVE-2021-22925",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22925"
},
{
"name": "CVE-2021-3572",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3572"
},
{
"name": "CVE-2023-4571",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4571"
},
{
"name": "CVE-2022-35260",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35260"
},
{
"name": "CVE-2023-29404",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29404"
},
{
"name": "CVE-2022-27536",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27536"
},
{
"name": "CVE-2022-24921",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24921"
},
{
"name": "CVE-2022-32208",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32208"
},
{
"name": "CVE-2022-28327",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28327"
},
{
"name": "CVE-2020-28851",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28851"
},
{
"name": "CVE-2021-33196",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33196"
},
{
"name": "CVE-2021-31525",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31525"
},
{
"name": "CVE-2020-8285",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8285"
},
{
"name": "CVE-2021-22901",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22901"
},
{
"name": "CVE-2022-27778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27778"
},
{
"name": "CVE-2021-33198",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33198"
},
{
"name": "CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"name": "CVE-2019-20838",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20838"
},
{
"name": "CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"name": "CVE-2022-32207",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32207"
},
{
"name": "CVE-2022-37603",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37603"
},
{
"name": "CVE-2022-41722",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41722"
},
{
"name": "CVE-2021-41182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
},
{
"name": "CVE-2023-40592",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40592"
},
{
"name": "CVE-2023-29403",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29403"
},
{
"name": "CVE-2022-27776",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27776"
},
{
"name": "CVE-2022-42916",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42916"
},
{
"name": "CVE-2020-8286",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8286"
},
{
"name": "CVE-2023-29405",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29405"
},
{
"name": "CVE-2021-38297",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38297"
},
{
"name": "CVE-2022-30629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
},
{
"name": "CVE-2022-40897",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
},
{
"name": "CVE-2022-27782",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27782"
},
{
"name": "CVE-2022-32149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32149"
},
{
"name": "CVE-2022-32148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
},
{
"name": "CVE-2020-8177",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8177"
},
{
"name": "CVE-2021-41771",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41771"
},
{
"name": "CVE-2021-33197",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33197"
},
{
"name": "CVE-2021-27918",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27918"
},
{
"name": "CVE-2022-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
},
{
"name": "CVE-2021-22924",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22924"
},
{
"name": "CVE-2022-33987",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33987"
},
{
"name": "CVE-2022-43552",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43552"
},
{
"name": "CVE-2023-40596",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40596"
},
{
"name": "CVE-2023-40594",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40594"
},
{
"name": "CVE-2021-22947",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22947"
},
{
"name": "CVE-2021-22922",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22922"
},
{
"name": "CVE-2023-40595",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40595"
},
{
"name": "CVE-2022-22576",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22576"
},
{
"name": "CVE-2021-38561",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38561"
},
{
"name": "CVE-2021-39293",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39293"
},
{
"name": "CVE-2022-1705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2021-22946",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22946"
},
{
"name": "CVE-2020-8284",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8284"
},
{
"name": "CVE-2023-23915",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23915"
},
{
"name": "CVE-2022-41720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41720"
},
{
"name": "CVE-2022-41716",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41716"
},
{
"name": "CVE-2022-24999",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24999"
},
{
"name": "CVE-2022-29526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
},
{
"name": "CVE-2022-30633",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30633"
},
{
"name": "CVE-2022-1941",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1941"
},
{
"name": "CVE-2021-3520",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3520"
},
{
"name": "CVE-2022-36227",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36227"
},
{
"name": "CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"name": "CVE-2021-41183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
},
{
"name": "CVE-2021-36976",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36976"
},
{
"name": "CVE-2023-27535",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27535"
},
{
"name": "CVE-2022-27775",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27775"
},
{
"name": "CVE-2023-23914",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23914"
},
{
"name": "CVE-2022-30632",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
},
{
"name": "CVE-2022-27774",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27774"
},
{
"name": "CVE-2022-37601",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37601"
},
{
"name": "CVE-2022-1962",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1962"
},
{
"name": "CVE-2021-23382",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23382"
},
{
"name": "CVE-2023-40597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40597"
},
{
"name": "CVE-2022-2309",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2309"
},
{
"name": "CVE-2022-42915",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42915"
},
{
"name": "CVE-2022-32221",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32221"
},
{
"name": "CVE-2022-28131",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28131"
},
{
"name": "CVE-2022-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3517"
},
{
"name": "CVE-2021-22897",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22897"
},
{
"name": "CVE-2022-24675",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
},
{
"name": "CVE-2022-23806",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23806"
},
{
"name": "CVE-2021-36221",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36221"
},
{
"name": "CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"name": "CVE-2022-23773",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23773"
},
{
"name": "CVE-2023-24539",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24539"
},
{
"name": "CVE-2018-10237",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10237"
},
{
"name": "CVE-2021-34558",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34558"
},
{
"name": "CVE-2021-3803",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3803"
},
{
"name": "CVE-2022-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
},
{
"name": "CVE-2022-32205",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32205"
},
{
"name": "CVE-2023-27534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27534"
},
{
"name": "CVE-2023-27536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27536"
},
{
"name": "CVE-2022-23772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23772"
},
{
"name": "CVE-2020-29652",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29652"
},
{
"name": "CVE-2022-43551",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43551"
},
{
"name": "CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"name": "CVE-2022-40023",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40023"
},
{
"name": "CVE-2021-22569",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22569"
},
{
"name": "CVE-2023-27533",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27533"
},
{
"name": "CVE-2021-41772",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41772"
},
{
"name": "CVE-2020-8231",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8231"
},
{
"name": "CVE-2022-27779",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27779"
},
{
"name": "CVE-2023-29400",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29400"
},
{
"name": "CVE-2022-25881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25881"
},
{
"name": "CVE-2021-31566",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31566"
},
{
"name": "CVE-2021-29923",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29923"
},
{
"name": "CVE-2023-27538",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27538"
},
{
"name": "CVE-2020-8908",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8908"
},
{
"name": "CVE-2022-30634",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30634"
},
{
"name": "CVE-2021-44716",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44716"
},
{
"name": "CVE-2021-23343",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23343"
},
{
"name": "CVE-2022-35737",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35737"
},
{
"name": "CVE-2021-33194",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33194"
},
{
"name": "CVE-2023-24540",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24540"
},
{
"name": "CVE-2022-32206",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32206"
},
{
"name": "CVE-2022-38900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
},
{
"name": "CVE-2023-40598",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40598"
},
{
"name": "CVE-2013-7489",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-7489"
},
{
"name": "CVE-2021-22926",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22926"
},
{
"name": "CVE-2021-30560",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30560"
},
{
"name": "CVE-2023-40593",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40593"
},
{
"name": "CVE-2022-30580",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30580"
},
{
"name": "CVE-2018-20225",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20225"
},
{
"name": "CVE-2021-22890",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22890"
},
{
"name": "CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"name": "CVE-2021-44717",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44717"
},
{
"name": "CVE-2020-14155",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14155"
},
{
"name": "CVE-2022-29804",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29804"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2021-22923",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22923"
},
{
"name": "CVE-2022-37599",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37599"
},
{
"name": "CVE-2023-29402",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29402"
},
{
"name": "CVE-2021-29060",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29060"
},
{
"name": "CVE-2021-43565",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43565"
},
{
"name": "CVE-2022-30115",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30115"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2021-20066",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20066"
},
{
"name": "CVE-2021-22876",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22876"
},
{
"name": "CVE-2023-27537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27537"
},
{
"name": "CVE-2022-23491",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23491"
},
{
"name": "CVE-2022-27780",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27780"
},
{
"name": "CVE-2020-28469",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28469"
},
{
"name": "CVE-2021-22945",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22945"
},
{
"name": "CVE-2021-33195",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33195"
},
{
"name": "CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"name": "CVE-2023-23916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23916"
}
],
"initial_release_date": "2023-08-31T00:00:00",
"last_revision_date": "2023-08-31T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0701",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-08-31T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Splunk. Certaines\nd\u0027entre elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code arbitraire \u00e0\ndistance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Splunk",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0802 du 30 ao\u00fbt 2023",
"url": "https://advisory.splunk.com/advisories/SVD-2023-0802"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0804 du 30 ao\u00fbt 2023",
"url": "https://advisory.splunk.com/advisories/SVD-2023-0804"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0806 du 30 ao\u00fbt 2023",
"url": "https://advisory.splunk.com/advisories/SVD-2023-0806"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0810 du 30 ao\u00fbt 2023",
"url": "https://advisory.splunk.com/advisories/SVD-2023-0810"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0807 du 30 ao\u00fbt 2023",
"url": "https://advisory.splunk.com/advisories/SVD-2023-0807"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0808 du 30 ao\u00fbt 2023",
"url": "https://advisory.splunk.com/advisories/SVD-2023-0808"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0803 du 30 ao\u00fbt 2023",
"url": "https://advisory.splunk.com/advisories/SVD-2023-0803"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0801 du 30 ao\u00fbt 2023",
"url": "https://advisory.splunk.com/advisories/SVD-2023-0801"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0805 du 30 ao\u00fbt 2023",
"url": "https://advisory.splunk.com/advisories/SVD-2023-0805"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0809 du 30 ao\u00fbt 2023",
"url": "https://advisory.splunk.com/advisories/SVD-2023-0809"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0811 du 30 ao\u00fbt 2023",
"url": "https://advisory.splunk.com/advisories/SVD-2023-0811"
}
]
}
CERTFR-2022-AVI-239
Vulnerability from certfr_avis - Published: 2022-03-14 - Updated: 2022-03-14
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Spectrum | IBM Spectrum Protect Plus Container Backup and Restore for Red Hat OpenShift versions 10.1.x antérieures à 10.1.10 | ||
| IBM | Spectrum | IBM Spectrum Protect for Virtual Environments: Data Protection for VMware versions 8.1.x antérieures à 8.1.14 | ||
| IBM | Spectrum | IBM Spectrum Copy Data Management versions 2.2.x antérieures à 2.2.15 | ||
| IBM | Spectrum | IBM Spectrum Protect Backup-Archive Client web user interface versions 8.1.x antérieures à 8.1.14 | ||
| IBM | Spectrum | IBM Spectrum Protect Plus versions 10.1.x antérieures à 10.1.10 | ||
| IBM | Spectrum | IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes versions 10.1.x antérieures à 10.1.10 | ||
| IBM | Spectrum | IBM Spectrum Protect for Virtual Environments: Data Protection for Hyper-V versions 8.1.x antérieures à 8.1.14 | ||
| IBM | Spectrum | IBM Spectrum Protect Client Management Service versions 8.1.x antérieures à 8.1.14 | ||
| IBM | Spectrum | IBM Spectrum Protect Operations Center versions 8.1.x antérieures à 8.1.14 | ||
| IBM | WebSphere | IBM WebSphere Application Server versions 7.0, 8.0, 8.5 et 9.0 avec Content Collector for Email versions 4.0.x antérieures à 4.0.1 | ||
| IBM | Spectrum | IBM Spectrum Protect Plus File Systems Agent versions 10.1.x antérieures à 10.1.10 | ||
| IBM | Spectrum | IBM Spectrum Protect for Space Management versions 8.1.x antérieures à 8.1.14 | ||
| IBM | Spectrum | IBM Spectrum Protect Server versions 8.1.x antérieures à 8.1.14 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Spectrum Protect Plus Container Backup and Restore for Red Hat OpenShift versions 10.1.x ant\u00e9rieures \u00e0 10.1.10",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect for Virtual Environments: Data Protection for VMware versions 8.1.x ant\u00e9rieures \u00e0 8.1.14",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Copy Data Management versions 2.2.x ant\u00e9rieures \u00e0 2.2.15",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect Backup-Archive Client web user interface versions 8.1.x ant\u00e9rieures \u00e0 8.1.14",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect Plus versions 10.1.x ant\u00e9rieures \u00e0 10.1.10",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes versions 10.1.x ant\u00e9rieures \u00e0 10.1.10",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect for Virtual Environments: Data Protection for Hyper-V versions 8.1.x ant\u00e9rieures \u00e0 8.1.14",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect Client Management Service versions 8.1.x ant\u00e9rieures \u00e0 8.1.14",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect Operations Center versions 8.1.x ant\u00e9rieures \u00e0 8.1.14",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM WebSphere Application Server versions 7.0, 8.0, 8.5 et 9.0 avec Content Collector for Email versions 4.0.x ant\u00e9rieures \u00e0 4.0.1",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect Plus File Systems Agent versions 10.1.x ant\u00e9rieures \u00e0 10.1.10",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect for Space Management versions 8.1.x ant\u00e9rieures \u00e0 8.1.14",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect Server versions 8.1.x ant\u00e9rieures \u00e0 8.1.14",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-41182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
},
{
"name": "CVE-2022-0391",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0391"
},
{
"name": "CVE-2021-35517",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35517"
},
{
"name": "CVE-2022-21680",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21680"
},
{
"name": "CVE-2021-39002",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39002"
},
{
"name": "CVE-2021-36090",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36090"
},
{
"name": "CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"name": "CVE-2021-41183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
},
{
"name": "CVE-2021-38926",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38926"
},
{
"name": "CVE-2021-23222",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23222"
},
{
"name": "CVE-2021-29678",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29678"
},
{
"name": "CVE-2020-35508",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35508"
},
{
"name": "CVE-2022-23806",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23806"
},
{
"name": "CVE-2021-23214",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23214"
},
{
"name": "CVE-2022-23773",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23773"
},
{
"name": "CVE-2021-38951",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38951"
},
{
"name": "CVE-2020-8492",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8492"
},
{
"name": "CVE-2021-3156",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3156"
},
{
"name": "CVE-2022-23772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23772"
},
{
"name": "CVE-2021-23727",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23727"
},
{
"name": "CVE-2021-35578",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35578"
},
{
"name": "CVE-2021-38931",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38931"
},
{
"name": "CVE-2021-3139",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3139"
},
{
"name": "CVE-2021-44716",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44716"
},
{
"name": "CVE-2021-20373",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20373"
},
{
"name": "CVE-2020-15436",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15436"
},
{
"name": "CVE-2021-3712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
},
{
"name": "CVE-2022-0235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0235"
},
{
"name": "CVE-2021-33026",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33026"
},
{
"name": "CVE-2020-14323",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14323"
},
{
"name": "CVE-2021-44717",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44717"
},
{
"name": "CVE-2021-41617",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41617"
},
{
"name": "CVE-2021-4034",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4034"
},
{
"name": "CVE-2022-21681",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21681"
},
{
"name": "CVE-2020-35513",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35513"
}
],
"initial_release_date": "2022-03-14T00:00:00",
"last_revision_date": "2022-03-14T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-239",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-03-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6562471 du 11 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6562471"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6562895 du 11 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6562895"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6445699 du 11 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6445699"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6562401 du 11 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6562401"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6562843 du 11 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6562843"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6562849 du 11 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6562849"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6562873 du 11 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6562873"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6562383 du 11 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6562383"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6562405 du 11 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6562405"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6562919 du 11 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6562919"
}
]
}
CERTFR-2022-AVI-504
Vulnerability from certfr_avis - Published: 2022-05-27 - Updated: 2022-05-27
De multiples vulnérabilités ont été découvertes dans Tenable Nessus. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nessus versions 8.x ant\u00e9rieures \u00e0 8.15.5",
"product": {
"name": "Nessus",
"vendor": {
"name": "Tenable",
"scada": false
}
}
},
{
"description": "Nessus versions 10.x ant\u00e9rieures \u00e0 10.2.0",
"product": {
"name": "Nessus",
"vendor": {
"name": "Tenable",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-41182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
},
{
"name": "CVE-2022-25315",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
},
{
"name": "CVE-2022-25313",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25313"
},
{
"name": "CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"name": "CVE-2022-25314",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25314"
},
{
"name": "CVE-2022-23990",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23990"
},
{
"name": "CVE-2022-25235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
},
{
"name": "CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"name": "CVE-2021-41183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2022-25236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
}
],
"initial_release_date": "2022-05-27T00:00:00",
"last_revision_date": "2022-05-27T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-504",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-05-27T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Nessus.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable Nessus",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2022-12 du 26 mai 2022",
"url": "https://www.tenable.com/security/tns-2022-12"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2022-11 du 26 mai 2022",
"url": "https://www.tenable.com/security/tns-2022-11"
}
]
}
CERTFR-2022-AVI-993
Vulnerability from certfr_avis - Published: 2022-11-04 - Updated: 2022-11-04
De multiples vulnérabilités ont été découvertes dans Tenable Nessus. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneReferences
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nessus versions ant\u00e9rieures \u00e0 10.4.0",
"product": {
"name": "Nessus",
"vendor": {
"name": "Tenable",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-31160",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31160"
},
{
"name": "CVE-2022-3498",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3498"
},
{
"name": "CVE-2021-41182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
},
{
"name": "CVE-2016-10744",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10744"
},
{
"name": "CVE-2022-3499",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3499"
},
{
"name": "CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"name": "CVE-2021-41183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
}
],
"initial_release_date": "2022-11-04T00:00:00",
"last_revision_date": "2022-11-04T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-993",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-11-04T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Nessus.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable Nessus",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2022-21 du 27 octobre 2022",
"url": "https://www.tenable.com/security/tns-2022-21"
}
]
}
CERTFR-2023-AVI-0737
Vulnerability from certfr_avis - Published: 2023-09-13 - Updated: 2023-09-13
De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SAP | N/A | SAP Business Objects Business Intelligence Platform (CMC) versions 420 et 430 | ||
| SAP | N/A | SAP S/4HANA (Create Single Payment application) versions 100, 101, 102, 103, 104, 105, 106, 107 et 108 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform (versions Management System) versions 430 | ||
| SAP | N/A | SAPExtended Application Services and Runtime (XSA) versions SAP_EXTENDED_APP_SERVICES 1, XS_ADVANCED_RUNTIME 1.00 | ||
| SAP | N/A | SAP NetWeaver Process Integration versions 7.50 | ||
| SAP | N/A | SAPHANA Database versions 2.0 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform (Promotion Management) versions 420 et 430 | ||
| SAP | N/A | SAP Web Dispatcher versions 7.22EXT, 7.53, 7.54, 7.77, 7.85, 7.89 | ||
| SAP | N/A | S4CORE (Manage Purchase Contracts App) versions 102, 103, 104, 105, 106 et 107 | ||
| SAP | N/A | SAP Business Client versions 6.5, 7.0 et 7.70 | ||
| SAP | N/A | SAP NetWeaver AS ABAP (applications based on Unified Rendering) versions SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, SAP_BASIS 702 et SAP_BASIS 731 | ||
| SAP | N/A | SAP NetWeaver (Guided Procedures) versions 7.50 | ||
| SAP | N/A | SAPUI5 versions SAP_UI 750, SAP_UI 753, SAP_UI 754, SAP_UI 755, SAP_UI 756 et UI_700 200 | ||
| SAP | N/A | SAPSSOEXT versions 17 | ||
| SAP | N/A | Product-SAP BusinessObjects Suite (Installer) versions 420 et 430 | ||
| SAP | N/A | SAP Quotation Management Insurance (FS-QUO) versions 400, 510, 700 et 800 | ||
| SAP | N/A | SAP S/4HANA (Manage Catalog Items and Cross-Catalog search) versions S4CORE 103, S4CORE 104, S4CORE 105 et S4CORE 106 | ||
| SAP | N/A | SAPHost Agent versions 722 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) versions 420 | ||
| SAP | N/A | SAPContent Server versions 6.50, 7.53, 7.54 | ||
| SAP | N/A | SAP PowerDesignerClient versions 16.7 | ||
| SAP | N/A | S4 HANA ABAP (Manage checkbook apps) versions 102, 103, 104, 105, 106 et 107 | ||
| SAP | SAP NetWeaver AS Java | SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premise versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KERNEL 7.22, KERNEL 8.04, KERNEL64UC 7.22, KERNEL64UC 7.22EXT, KERNEL64UC 7.53, KERNEL64UC 8.04, KERNEL64NUC 7.22 et KERNEL64NUC 7.22EXT |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SAP Business Objects Business Intelligence Platform (CMC) versions 420 et 430",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP S/4HANA (Create Single Payment application) versions 100, 101, 102, 103, 104, 105, 106, 107 et 108",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform (versions Management System) versions 430",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAPExtended Application Services and Runtime (XSA) versions SAP_EXTENDED_APP_SERVICES 1, XS_ADVANCED_RUNTIME 1.00",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver Process Integration versions 7.50",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAPHANA Database versions 2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform (Promotion Management) versions 420 et 430",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Web Dispatcher versions 7.22EXT, 7.53, 7.54, 7.77, 7.85, 7.89",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "S4CORE (Manage Purchase Contracts App) versions 102, 103, 104, 105, 106 et 107",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Business Client versions 6.5, 7.0 et 7.70",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver AS ABAP (applications based on Unified Rendering) versions SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, SAP_BASIS 702 et SAP_BASIS 731",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver (Guided Procedures) versions 7.50",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAPUI5 versions SAP_UI 750, SAP_UI 753, SAP_UI 754, SAP_UI 755, SAP_UI 756 et UI_700 200",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAPSSOEXT versions 17",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Product-SAP BusinessObjects Suite (Installer) versions 420 et 430",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Quotation Management Insurance (FS-QUO) versions 400, 510, 700 et 800",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP S/4HANA (Manage Catalog Items and Cross-Catalog search) versions S4CORE 103, S4CORE 104, S4CORE 105 et S4CORE 106",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAPHost Agent versions 722",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) versions 420",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAPContent Server versions 6.50, 7.53, 7.54",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP PowerDesignerClient versions 16.7",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "S4 HANA ABAP (Manage checkbook apps) versions 102, 103, 104, 105, 106 et 107",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premise versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KERNEL 7.22, KERNEL 8.04, KERNEL64UC 7.22, KERNEL64UC 7.22EXT, KERNEL64UC 7.53, KERNEL64UC 8.04, KERNEL64NUC 7.22 et KERNEL64NUC 7.22EXT",
"product": {
"name": "SAP NetWeaver AS Java",
"vendor": {
"name": "SAP",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-40309",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40309"
},
{
"name": "CVE-2023-25616",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25616"
},
{
"name": "CVE-2023-40306",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40306"
},
{
"name": "CVE-2021-41182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
},
{
"name": "CVE-2023-41367",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41367"
},
{
"name": "CVE-2023-40624",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40624"
},
{
"name": "CVE-2023-41369",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41369"
},
{
"name": "CVE-2023-40621",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40621"
},
{
"name": "CVE-2023-41368",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41368"
},
{
"name": "CVE-2022-41272",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41272"
},
{
"name": "CVE-2023-37489",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37489"
},
{
"name": "CVE-2023-42472",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42472"
},
{
"name": "CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"name": "CVE-2021-41183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
},
{
"name": "CVE-2023-40308",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40308"
},
{
"name": "CVE-2023-40622",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40622"
},
{
"name": "CVE-2023-40625",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40625"
},
{
"name": "CVE-2023-40623",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40623"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
}
],
"initial_release_date": "2023-09-13T00:00:00",
"last_revision_date": "2023-09-13T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0737",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-09-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
"vendor_advisories": [
{
"published_at": "2023-09-12",
"title": "Bulletin de s\u00e9curit\u00e9 SAP",
"url": "https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a\u0026rc=1\u0026d=2023-09-13"
}
]
}
CERTFR-2023-AVI-0219
Vulnerability from certfr_avis - Published: 2023-03-14 - Updated: 2023-03-14
De multiples vulnérabilités ont été découvertes dans IBM Sterling B2B Integrator. Certaines d'entre elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Sterling B2B Integrator versions 6.1.x ant\u00e9rieures \u00e0 6.1.2.2",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling B2B Integrator versions 6.0.x ant\u00e9rieures \u00e0 6.0.3.8",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-22978",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22978"
},
{
"name": "CVE-2022-31160",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31160"
},
{
"name": "CVE-2021-41182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
},
{
"name": "CVE-2019-11358",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
},
{
"name": "CVE-2021-40690",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40690"
},
{
"name": "CVE-2022-31692",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31692"
},
{
"name": "CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"name": "CVE-2021-41183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
},
{
"name": "CVE-2023-22876",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22876"
},
{
"name": "CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"name": "CVE-2014-8152",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8152"
},
{
"name": "CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
}
],
"initial_release_date": "2023-03-14T00:00:00",
"last_revision_date": "2023-03-14T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0219",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-03-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM Sterling B2B\nIntegrator. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer un contournement de la politique de s\u00e9curit\u00e9, une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM Sterling B2B Integrator",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6963093 du 13 mars 2023",
"url": "https://www.ibm.com/support/pages/node/6963093"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6963091 du 13 mars 2023",
"url": "https://www.ibm.com/support/pages/node/6963091"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6963103 du 13 mars 2023",
"url": "https://www.ibm.com/support/pages/node/6963103"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6963085 du 13 mars 2023",
"url": "https://www.ibm.com/support/pages/node/6963085"
}
]
}
CERTFR-2022-AVI-386
Vulnerability from certfr_avis - Published: 2022-04-26 - Updated: 2022-04-26
De multiples vulnérabilités ont été découvertes dans IBM QRadar SIEM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | QRadar SIEM | IBM QRadar SIEM version 7.5.0 antérieure à 7.5.0 UP1 | ||
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.4.3 antérieures à 7.4.3 FP5 | ||
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.3.3 antérieures à 7.3.3 FP11 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM QRadar SIEM version 7.5.0 ant\u00e9rieure \u00e0 7.5.0 UP1",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM versions 7.4.3 ant\u00e9rieures \u00e0 7.4.3 FP5",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM versions 7.3.3 ant\u00e9rieures \u00e0 7.3.3 FP11",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-22898",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22898"
},
{
"name": "CVE-2021-3200",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3200"
},
{
"name": "CVE-2021-35586",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35586"
},
{
"name": "CVE-2021-22925",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22925"
},
{
"name": "CVE-2020-8022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8022"
},
{
"name": "CVE-2021-38919",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38919"
},
{
"name": "CVE-2021-42340",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42340"
},
{
"name": "CVE-2021-33929",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33929"
},
{
"name": "CVE-2021-20231",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20231"
},
{
"name": "CVE-2021-38939",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38939"
},
{
"name": "CVE-2019-20838",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20838"
},
{
"name": "CVE-2021-38874",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38874"
},
{
"name": "CVE-2021-41182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
},
{
"name": "CVE-2021-33928",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33928"
},
{
"name": "CVE-2021-36086",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36086"
},
{
"name": "CVE-2021-20266",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20266"
},
{
"name": "CVE-2019-17594",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17594"
},
{
"name": "CVE-2021-38869",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38869"
},
{
"name": "CVE-2021-35559",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35559"
},
{
"name": "CVE-2021-35565",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35565"
},
{
"name": "CVE-2021-2432",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2432"
},
{
"name": "CVE-2021-22946",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22946"
},
{
"name": "CVE-2020-9488",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9488"
},
{
"name": "CVE-2020-24370",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24370"
},
{
"name": "CVE-2021-2369",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2369"
},
{
"name": "CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"name": "CVE-2021-33813",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33813"
},
{
"name": "CVE-2021-41183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
},
{
"name": "CVE-2021-3445",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3445"
},
{
"name": "CVE-2020-16135",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16135"
},
{
"name": "CVE-2021-36085",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36085"
},
{
"name": "CVE-2021-29776",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29776"
},
{
"name": "CVE-2021-2388",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2388"
},
{
"name": "CVE-2021-35588",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35588"
},
{
"name": "CVE-2019-17595",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17595"
},
{
"name": "CVE-2021-23214",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23214"
},
{
"name": "CVE-2021-33930",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33930"
},
{
"name": "CVE-2021-41035",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41035"
},
{
"name": "CVE-2021-20232",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20232"
},
{
"name": "CVE-2021-28153",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28153"
},
{
"name": "CVE-2021-35578",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35578"
},
{
"name": "CVE-2021-27218",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27218"
},
{
"name": "CVE-2021-33560",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33560"
},
{
"name": "CVE-2021-35564",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35564"
},
{
"name": "CVE-2022-22345",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22345"
},
{
"name": "CVE-2020-14155",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14155"
},
{
"name": "CVE-2021-38878",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38878"
},
{
"name": "CVE-2021-36087",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36087"
},
{
"name": "CVE-2020-12762",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12762"
},
{
"name": "CVE-2021-35556",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35556"
},
{
"name": "CVE-2021-22096",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22096"
},
{
"name": "CVE-2021-35560",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35560"
},
{
"name": "CVE-2021-36084",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36084"
},
{
"name": "CVE-2021-22876",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22876"
},
{
"name": "CVE-2021-3580",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3580"
},
{
"name": "CVE-2021-33938",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33938"
}
],
"initial_release_date": "2022-04-26T00:00:00",
"last_revision_date": "2022-04-26T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-386",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-04-26T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM QRadar SIEM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM QRadar SIEM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6574453 du 25 avril 2022",
"url": "https://www.ibm.com/support/pages/node/6574453"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6574787 du 25 avril 2022",
"url": "https://www.ibm.com/support/pages/node/6574787"
}
]
}
CERTFR-2022-AVI-712
Vulnerability from certfr_avis - Published: 2022-08-08 - Updated: 2022-08-08
De multiples vulnérabilités ont été découvertes dans IBM QRadar SIEM. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | QRadar SIEM | IBM QRadar User Behavior Analytics versions antérieures à 4.1.8 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM QRadar User Behavior Analytics versions ant\u00e9rieures \u00e0 4.1.8",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-41182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
},
{
"name": "CVE-2021-4104",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4104"
},
{
"name": "CVE-2021-23445",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23445"
},
{
"name": "CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"name": "CVE-2021-41183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
},
{
"name": "CVE-2021-29489",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29489"
}
],
"initial_release_date": "2022-08-08T00:00:00",
"last_revision_date": "2022-08-08T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-712",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-08-08T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM QRadar SIEM.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM QRadar SIEM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6610741 du 05 ao\u00fbt 2022",
"url": "https://www.ibm.com/support/pages/node/6610741"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6610729 du 05 ao\u00fbt 2022",
"url": "https://www.ibm.com/support/pages/node/6610729"
}
]
}
CERTFR-2022-AVI-369
Vulnerability from certfr_avis - Published: 2022-04-20 - Updated: 2022-04-20
De multiples vulnérabilités ont été découvertes dans Oracle WebLogic Server. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle WebLogic Server versions 12.2.1.3.0, 12.2.1.4.0 et 14.1.1.0.0",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-21453",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21453"
},
{
"name": "CVE-2021-28170",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28170"
},
{
"name": "CVE-2022-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21441"
},
{
"name": "CVE-2022-23305",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23305"
},
{
"name": "CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"name": "CVE-2022-23437",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23437"
},
{
"name": "CVE-2020-8908",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8908"
}
],
"initial_release_date": "2022-04-20T00:00:00",
"last_revision_date": "2022-04-20T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-369",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-04-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle WebLogic\nServer. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle WebLogic Server",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle verbose cpuapr2022 du 19 avril 2022",
"url": "https://www.oracle.com/security-alerts/cpuapr2022verbose.html#FMW"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2022 du 19 avril 2022",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html#AppendixFMW"
}
]
}
CERTFR-2022-AVI-658
Vulnerability from certfr_avis - Published: 2022-07-20 - Updated: 2022-07-20
De multiples vulnérabilités ont été découvertes dans Oracle PeopleSoft. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | PeopleSoft | PeopleSoft version 8.59 | ||
| Oracle | PeopleSoft | PeopleSoft version 8.58 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "PeopleSoft version 8.59",
"product": {
"name": "PeopleSoft",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "PeopleSoft version 8.58",
"product": {
"name": "PeopleSoft",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-21512",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21512"
},
{
"name": "CVE-2021-41182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
},
{
"name": "CVE-2022-21543",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21543"
},
{
"name": "CVE-2022-24728",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24728"
},
{
"name": "CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"name": "CVE-2022-21520",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21520"
},
{
"name": "CVE-2021-41183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2022-24729",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24729"
},
{
"name": "CVE-2022-21521",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21521"
},
{
"name": "CVE-2022-23437",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23437"
},
{
"name": "CVE-2021-31684",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31684"
},
{
"name": "CVE-2020-36518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
},
{
"name": "CVE-2020-7656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7656"
}
],
"initial_release_date": "2022-07-20T00:00:00",
"last_revision_date": "2022-07-20T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-658",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-07-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle PeopleSoft.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un d\u00e9ni de service \u00e0 distance et une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle PeopleSoft",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2022 du 19 juillet 2022",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html#AppendixPS"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2022verbose du 19 juillet 2022",
"url": "https://www.oracle.com/security-alerts/cpujul2022verbose.html#PS"
}
]
}
WID-SEC-W-2023-1807
Vulnerability from csaf_certbund - Published: 2023-07-18 22:00 - Updated: 2023-12-26 23:00Summary
Oracle Fusion Middleware: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Oracle Fusion Middleware bündelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.
Angriff
Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Oracle Fusion Middleware b\u00fcndelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-1807 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1807.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-1807 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1807"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - July 2023 - Appendix Oracle Fusion Middleware vom 2023-07-18",
"url": "https://www.oracle.com/security-alerts/cpujul2023.html#AppendixFMW"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2023-409 vom 2023-12-23",
"url": "https://www.dell.com/support/kbdoc/000220669/dsa-2023-="
}
],
"source_lang": "en-US",
"title": "Oracle Fusion Middleware: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-12-26T23:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:55:51.397+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-1807",
"initial_release_date": "2023-07-18T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-07-18T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-12-26T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Dell aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Oracle Fusion Middleware 12.2.1.3.0",
"product": {
"name": "Oracle Fusion Middleware 12.2.1.3.0",
"product_id": "618028",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:12.2.1.3.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Fusion Middleware 12.2.1.4.0",
"product": {
"name": "Oracle Fusion Middleware 12.2.1.4.0",
"product_id": "751674",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:12.2.1.4.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Fusion Middleware 14.1.1.0.0",
"product": {
"name": "Oracle Fusion Middleware 14.1.1.0.0",
"product_id": "829576",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:14.1.1.0.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Fusion Middleware 9.1.0",
"product": {
"name": "Oracle Fusion Middleware 9.1.0",
"product_id": "T022847",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:9.1.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Fusion Middleware \u003c 11.1.2.3.1",
"product": {
"name": "Oracle Fusion Middleware \u003c 11.1.2.3.1",
"product_id": "T028708",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:11.1.2.3.1"
}
}
}
],
"category": "product_name",
"name": "Fusion Middleware"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-26119",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T022847",
"618028",
"751674",
"829576"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2023-26119"
},
{
"cve": "CVE-2023-26049",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T022847",
"618028",
"751674",
"829576"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2023-26049"
},
{
"cve": "CVE-2023-25690",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T022847",
"618028",
"751674",
"829576"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2023-25690"
},
{
"cve": "CVE-2023-25194",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T022847",
"618028",
"751674",
"829576"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2023-25194"
},
{
"cve": "CVE-2023-24998",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T022847",
"618028",
"751674",
"829576"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2023-24998"
},
{
"cve": "CVE-2023-23914",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T022847",
"618028",
"751674",
"829576"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2023-23914"
},
{
"cve": "CVE-2023-22899",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T022847",
"618028",
"751674",
"829576"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2023-22899"
},
{
"cve": "CVE-2023-22040",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T022847",
"618028",
"751674",
"829576"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2023-22040"
},
{
"cve": "CVE-2023-22031",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T022847",
"618028",
"751674",
"829576"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2023-22031"
},
{
"cve": "CVE-2023-21994",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T022847",
"618028",
"751674",
"829576"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2023-21994"
},
{
"cve": "CVE-2023-20863",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T022847",
"618028",
"751674",
"829576"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2023-20863"
},
{
"cve": "CVE-2023-20861",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T022847",
"618028",
"751674",
"829576"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2023-20861"
},
{
"cve": "CVE-2023-20860",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T022847",
"618028",
"751674",
"829576"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2023-20860"
},
{
"cve": "CVE-2023-1436",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T022847",
"618028",
"751674",
"829576"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2023-1436"
},
{
"cve": "CVE-2023-1370",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T022847",
"618028",
"751674",
"829576"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2023-1370"
},
{
"cve": "CVE-2022-45688",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T022847",
"618028",
"751674",
"829576"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2022-45688"
},
{
"cve": "CVE-2022-45047",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T022847",
"618028",
"751674",
"829576"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2022-45047"
},
{
"cve": "CVE-2022-43680",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T022847",
"618028",
"751674",
"829576"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2022-43680"
},
{
"cve": "CVE-2022-42920",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T022847",
"618028",
"751674",
"829576"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2022-42920"
},
{
"cve": "CVE-2022-42890",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T022847",
"618028",
"751674",
"829576"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2022-42890"
},
{
"cve": "CVE-2022-41966",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T022847",
"618028",
"751674",
"829576"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2022-41966"
},
{
"cve": "CVE-2022-41853",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T022847",
"618028",
"751674",
"829576"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2022-41853"
},
{
"cve": "CVE-2022-40152",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T022847",
"618028",
"751674",
"829576"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2022-40152"
},
{
"cve": "CVE-2022-36033",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T022847",
"618028",
"751674",
"829576"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2022-36033"
},
{
"cve": "CVE-2022-33879",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T022847",
"618028",
"751674",
"829576"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2022-33879"
},
{
"cve": "CVE-2022-31197",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T022847",
"618028",
"751674",
"829576"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2022-31197"
},
{
"cve": "CVE-2022-29546",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T022847",
"618028",
"751674",
"829576"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2022-29546"
},
{
"cve": "CVE-2022-25647",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T022847",
"618028",
"751674",
"829576"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2022-25647"
},
{
"cve": "CVE-2022-24409",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T022847",
"618028",
"751674",
"829576"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2022-24409"
},
{
"cve": "CVE-2022-23437",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T022847",
"618028",
"751674",
"829576"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2022-23437"
},
{
"cve": "CVE-2021-46877",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T022847",
"618028",
"751674",
"829576"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2021-46877"
},
{
"cve": "CVE-2021-43113",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T022847",
"618028",
"751674",
"829576"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2021-43113"
},
{
"cve": "CVE-2021-42575",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T022847",
"618028",
"751674",
"829576"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2021-42575"
},
{
"cve": "CVE-2021-41184",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T022847",
"618028",
"751674",
"829576"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2021-41184"
},
{
"cve": "CVE-2021-4104",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T022847",
"618028",
"751674",
"829576"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2021-4104"
},
{
"cve": "CVE-2021-37533",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T022847",
"618028",
"751674",
"829576"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2021-37533"
},
{
"cve": "CVE-2021-36374",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T022847",
"618028",
"751674",
"829576"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2021-36374"
},
{
"cve": "CVE-2021-36090",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T022847",
"618028",
"751674",
"829576"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2021-36090"
},
{
"cve": "CVE-2021-34429",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T022847",
"618028",
"751674",
"829576"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2021-34429"
},
{
"cve": "CVE-2021-33813",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T022847",
"618028",
"751674",
"829576"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2021-33813"
},
{
"cve": "CVE-2021-29425",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T022847",
"618028",
"751674",
"829576"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2021-29425"
},
{
"cve": "CVE-2021-28168",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T022847",
"618028",
"751674",
"829576"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2021-28168"
},
{
"cve": "CVE-2021-26117",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T022847",
"618028",
"751674",
"829576"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2021-26117"
},
{
"cve": "CVE-2021-23926",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T022847",
"618028",
"751674",
"829576"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2021-23926"
},
{
"cve": "CVE-2020-8908",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T022847",
"618028",
"751674",
"829576"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2020-8908"
},
{
"cve": "CVE-2020-36518",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T022847",
"618028",
"751674",
"829576"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2020-36518"
},
{
"cve": "CVE-2020-17521",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T022847",
"618028",
"751674",
"829576"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2020-17521"
},
{
"cve": "CVE-2020-13956",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T022847",
"618028",
"751674",
"829576"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2020-13956"
},
{
"cve": "CVE-2020-13936",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T022847",
"618028",
"751674",
"829576"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2020-13936"
}
]
}
WID-SEC-W-2023-1809
Vulnerability from csaf_certbund - Published: 2023-07-18 22:00 - Updated: 2023-07-18 22:00Summary
Oracle Enterprise Manager: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Oracle Enterprise Manager (OEM) ist ein Set von System Management Werkzeugen von Oracle für Oracle Umgebungen. Es beinhaltet Werkzeuge zum Monitoring von Oracle Umgebung und zur Automatisierung von Datenbank- und Applikations Administration.
Angriff
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Enterprise Manager ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Oracle Enterprise Manager (OEM) ist ein Set von System Management Werkzeugen von Oracle f\u00fcr Oracle Umgebungen. Es beinhaltet Werkzeuge zum Monitoring von Oracle Umgebung und zur Automatisierung von Datenbank- und Applikations Administration.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Enterprise Manager ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-1809 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1809.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-1809 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1809"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - July 2023 - Appendix Oracle Enterprise Manager vom 2023-07-18",
"url": "https://www.oracle.com/security-alerts/cpujul2023.html#AppendixEM"
}
],
"source_lang": "en-US",
"title": "Oracle Enterprise Manager: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-07-18T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:55:52.084+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-1809",
"initial_release_date": "2023-07-18T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-07-18T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Oracle Enterprise Manager 12.4.0.0",
"product": {
"name": "Oracle Enterprise Manager 12.4.0.0",
"product_id": "T018973",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:enterprise_manager:12.4.0.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Enterprise Manager 13.3.0.1",
"product": {
"name": "Oracle Enterprise Manager 13.3.0.1",
"product_id": "T018974",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:enterprise_manager:13.3.0.1"
}
}
},
{
"category": "product_name",
"name": "Oracle Enterprise Manager 13.5.0.0",
"product": {
"name": "Oracle Enterprise Manager 13.5.0.0",
"product_id": "T020692",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:enterprise_manager:13.5.0.0"
}
}
}
],
"category": "product_name",
"name": "Enterprise Manager"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-25690",
"notes": [
{
"category": "description",
"text": "In Oracle Enterprise Manager existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T018973",
"T018974",
"T020692"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2023-25690"
},
{
"cve": "CVE-2023-24998",
"notes": [
{
"category": "description",
"text": "In Oracle Enterprise Manager existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T018973",
"T018974",
"T020692"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2023-24998"
},
{
"cve": "CVE-2022-42003",
"notes": [
{
"category": "description",
"text": "In Oracle Enterprise Manager existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T018973",
"T018974",
"T020692"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2022-42003"
},
{
"cve": "CVE-2022-23305",
"notes": [
{
"category": "description",
"text": "In Oracle Enterprise Manager existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T018973",
"T018974",
"T020692"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2022-23305"
},
{
"cve": "CVE-2022-22971",
"notes": [
{
"category": "description",
"text": "In Oracle Enterprise Manager existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T018973",
"T018974",
"T020692"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2022-22971"
},
{
"cve": "CVE-2022-22950",
"notes": [
{
"category": "description",
"text": "In Oracle Enterprise Manager existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T018973",
"T018974",
"T020692"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2022-22950"
},
{
"cve": "CVE-2021-41184",
"notes": [
{
"category": "description",
"text": "In Oracle Enterprise Manager existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T018973",
"T018974",
"T020692"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2021-41184"
}
]
}
WID-SEC-W-2024-1642
Vulnerability from csaf_certbund - Published: 2024-07-16 22:00 - Updated: 2024-11-20 23:00Summary
Oracle Communications: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Oracle Communications umfasst branchenspezifische Lösungen für die Telekommunikationsbranche.
Angriff
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Communications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- Sonstiges
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Oracle Communications umfasst branchenspezifische L\u00f6sungen f\u00fcr die Telekommunikationsbranche.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Communications ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-1642 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1642.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-1642 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1642"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - July 2024 - Appendix Oracle Communications vom 2024-07-16",
"url": "https://www.oracle.com/security-alerts/cpujul2024.html#AppendixCGBU"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:6016 vom 2024-09-05",
"url": "https://access.redhat.com/errata/RHSA-2024:6016"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:9975 vom 2024-11-21",
"url": "https://access.redhat.com/errata/RHSA-2024:9975"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:9976 vom 2024-11-21",
"url": "https://access.redhat.com/errata/RHSA-2024:9976"
}
],
"source_lang": "en-US",
"title": "Oracle Communications: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-11-20T23:00:00.000+00:00",
"generator": {
"date": "2024-11-21T13:09:50.776+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.8"
}
},
"id": "WID-SEC-W-2024-1642",
"initial_release_date": "2024-07-16T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-07-16T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-09-05T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-11-20T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "23.1.0",
"product": {
"name": "Oracle Communications 23.1.0",
"product_id": "T027326",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:23.1.0"
}
}
},
{
"category": "product_version",
"name": "12.6.1.0.0",
"product": {
"name": "Oracle Communications 12.6.1.0.0",
"product_id": "T027338",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:12.6.1.0.0"
}
}
},
{
"category": "product_version",
"name": "5.1",
"product": {
"name": "Oracle Communications 5.1",
"product_id": "T028684",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:5.1"
}
}
},
{
"category": "product_version",
"name": "15.0.0.0.0",
"product": {
"name": "Oracle Communications 15.0.0.0.0",
"product_id": "T032090",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:15.0.0.0.0"
}
}
},
{
"category": "product_version",
"name": "23.4.0",
"product": {
"name": "Oracle Communications 23.4.0",
"product_id": "T032091",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:23.4.0"
}
}
},
{
"category": "product_version",
"name": "23.4.1",
"product": {
"name": "Oracle Communications 23.4.1",
"product_id": "T034143",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:23.4.1"
}
}
},
{
"category": "product_version",
"name": "23.4.2",
"product": {
"name": "Oracle Communications 23.4.2",
"product_id": "T034144",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:23.4.2"
}
}
},
{
"category": "product_version",
"name": "24.1.0",
"product": {
"name": "Oracle Communications 24.1.0",
"product_id": "T034145",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:24.1.0"
}
}
},
{
"category": "product_version",
"name": "5.2",
"product": {
"name": "Oracle Communications 5.2",
"product_id": "T034146",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:5.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c=23.4.3",
"product": {
"name": "Oracle Communications \u003c=23.4.3",
"product_id": "T036195"
}
},
{
"category": "product_version_range",
"name": "\u003c=23.4.3",
"product": {
"name": "Oracle Communications \u003c=23.4.3",
"product_id": "T036195-fixed"
}
},
{
"category": "product_version_range",
"name": "\u003c=23.4.4",
"product": {
"name": "Oracle Communications \u003c=23.4.4",
"product_id": "T036196"
}
},
{
"category": "product_version_range",
"name": "\u003c=23.4.4",
"product": {
"name": "Oracle Communications \u003c=23.4.4",
"product_id": "T036196-fixed"
}
},
{
"category": "product_version",
"name": "24.2.0",
"product": {
"name": "Oracle Communications 24.2.0",
"product_id": "T036197",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:24.2.0"
}
}
},
{
"category": "product_version_range",
"name": "\u003c=8.6.0.8",
"product": {
"name": "Oracle Communications \u003c=8.6.0.8",
"product_id": "T036198"
}
},
{
"category": "product_version_range",
"name": "\u003c=8.6.0.8",
"product": {
"name": "Oracle Communications \u003c=8.6.0.8",
"product_id": "T036198-fixed"
}
},
{
"category": "product_version",
"name": "46.6.4",
"product": {
"name": "Oracle Communications 46.6.4",
"product_id": "T036199",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:46.6.4"
}
}
},
{
"category": "product_version",
"name": "46.6.5",
"product": {
"name": "Oracle Communications 46.6.5",
"product_id": "T036200",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:46.6.5"
}
}
},
{
"category": "product_version",
"name": "12.11.3",
"product": {
"name": "Oracle Communications 12.11.3",
"product_id": "T036201",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:12.11.3"
}
}
},
{
"category": "product_version",
"name": "12.11.4",
"product": {
"name": "Oracle Communications 12.11.4",
"product_id": "T036202",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:12.11.4"
}
}
},
{
"category": "product_version_range",
"name": "\u003c=8.6.0.6",
"product": {
"name": "Oracle Communications \u003c=8.6.0.6",
"product_id": "T036203"
}
},
{
"category": "product_version_range",
"name": "\u003c=8.6.0.6",
"product": {
"name": "Oracle Communications \u003c=8.6.0.6",
"product_id": "T036203-fixed"
}
},
{
"category": "product_version",
"name": "10.5",
"product": {
"name": "Oracle Communications 10.5",
"product_id": "T036204",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:10.5"
}
}
},
{
"category": "product_version",
"name": "4.1.0",
"product": {
"name": "Oracle Communications 4.1.0",
"product_id": "T036205",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:4.1.0"
}
}
},
{
"category": "product_version",
"name": "4.2.0",
"product": {
"name": "Oracle Communications 4.2.0",
"product_id": "T036206",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:4.2.0"
}
}
},
{
"category": "product_version",
"name": "9.2.0",
"product": {
"name": "Oracle Communications 9.2.0",
"product_id": "T036207",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:9.2.0"
}
}
},
{
"category": "product_version",
"name": "9.3.0",
"product": {
"name": "Oracle Communications 9.3.0",
"product_id": "T036208",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:9.3.0"
}
}
},
{
"category": "product_version",
"name": "12.11.0",
"product": {
"name": "Oracle Communications 12.11.0",
"product_id": "T036209",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:12.11.0"
}
}
},
{
"category": "product_version_range",
"name": "\u003c=9.0.3",
"product": {
"name": "Oracle Communications \u003c=9.0.3",
"product_id": "T036210"
}
},
{
"category": "product_version_range",
"name": "\u003c=9.0.3",
"product": {
"name": "Oracle Communications \u003c=9.0.3",
"product_id": "T036210-fixed"
}
}
],
"category": "product_name",
"name": "Communications"
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-10086",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2019-10086"
},
{
"cve": "CVE-2021-29425",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2021-29425"
},
{
"cve": "CVE-2021-37533",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2021-37533"
},
{
"cve": "CVE-2021-41184",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2021-41184"
},
{
"cve": "CVE-2022-34169",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2022-34169"
},
{
"cve": "CVE-2022-36033",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2022-36033"
},
{
"cve": "CVE-2022-42890",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2022-42890"
},
{
"cve": "CVE-2022-48174",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2022-48174"
},
{
"cve": "CVE-2023-24998",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2023-24998"
},
{
"cve": "CVE-2023-33201",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2023-33201"
},
{
"cve": "CVE-2023-37920",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2023-37920"
},
{
"cve": "CVE-2023-44487",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2023-44487"
},
{
"cve": "CVE-2023-46589",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2023-46589"
},
{
"cve": "CVE-2023-48795",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2023-48795"
},
{
"cve": "CVE-2023-51775",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2023-51775"
},
{
"cve": "CVE-2023-52425",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2023-52425"
},
{
"cve": "CVE-2023-5685",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2023-5685"
},
{
"cve": "CVE-2024-0450",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-0450"
},
{
"cve": "CVE-2024-22019",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-22019"
},
{
"cve": "CVE-2024-22201",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-22201"
},
{
"cve": "CVE-2024-22234",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-22234"
},
{
"cve": "CVE-2024-22257",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-22257"
},
{
"cve": "CVE-2024-22262",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-22262"
},
{
"cve": "CVE-2024-23672",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-23672"
},
{
"cve": "CVE-2024-23807",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-23807"
},
{
"cve": "CVE-2024-23897",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-23897"
},
{
"cve": "CVE-2024-24549",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-24549"
},
{
"cve": "CVE-2024-25062",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-25062"
},
{
"cve": "CVE-2024-25710",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-25710"
},
{
"cve": "CVE-2024-26130",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-26130"
},
{
"cve": "CVE-2024-26308",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-26308"
},
{
"cve": "CVE-2024-27316",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-27316"
},
{
"cve": "CVE-2024-28182",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-28182"
},
{
"cve": "CVE-2024-28752",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-28752"
},
{
"cve": "CVE-2024-28849",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-28849"
},
{
"cve": "CVE-2024-29025",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-29025"
},
{
"cve": "CVE-2024-2961",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-2961"
},
{
"cve": "CVE-2024-34064",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-34064"
},
{
"cve": "CVE-2024-34069",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-34069"
},
{
"cve": "CVE-2024-6162",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-6162"
}
]
}
WID-SEC-W-2024-3217
Vulnerability from csaf_certbund - Published: 2024-10-15 22:00 - Updated: 2024-10-15 22:00Summary
Oracle Utilities Applications: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Oracle Utilities Applications ist eine Produktfamilie mit branchenspezifischen Lösungen für Ver- und Entsorger.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Utilities Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- Sonstiges
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Oracle Utilities Applications ist eine Produktfamilie mit branchenspezifischen L\u00f6sungen f\u00fcr Ver- und Entsorger.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Utilities Applications ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-3217 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3217.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-3217 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3217"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - October 2024 - Appendix Oracle Utilities Applications vom 2024-10-15",
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixUTIL"
}
],
"source_lang": "en-US",
"title": "Oracle Utilities Applications: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-10-15T22:00:00.000+00:00",
"generator": {
"date": "2024-10-16T11:15:15.331+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.8"
}
},
"id": "WID-SEC-W-2024-3217",
"initial_release_date": "2024-10-15T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-10-15T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "4.0.0.0.0",
"product": {
"name": "Oracle Utilities Applications 4.0.0.0.0",
"product_id": "T038412",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:utilities:4.0.0.0.0"
}
}
},
{
"category": "product_version",
"name": "4.0.0.2.0",
"product": {
"name": "Oracle Utilities Applications 4.0.0.2.0",
"product_id": "T038413",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:utilities:4.0.0.2.0"
}
}
},
{
"category": "product_version",
"name": "4.0.0.3.0",
"product": {
"name": "Oracle Utilities Applications 4.0.0.3.0",
"product_id": "T038414",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:utilities:4.0.0.3.0"
}
}
},
{
"category": "product_version_range",
"name": "\u003c=4.3.0.6.0",
"product": {
"name": "Oracle Utilities Applications \u003c=4.3.0.6.0",
"product_id": "T038415"
}
},
{
"category": "product_version_range",
"name": "\u003c=4.3.0.6.0",
"product": {
"name": "Oracle Utilities Applications \u003c=4.3.0.6.0",
"product_id": "T038415-fixed"
}
},
{
"category": "product_version",
"name": "4.5.0.0.0",
"product": {
"name": "Oracle Utilities Applications 4.5.0.0.0",
"product_id": "T038416",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:utilities:4.5.0.0.0"
}
}
},
{
"category": "product_version",
"name": "2.5.0.1.14",
"product": {
"name": "Oracle Utilities Applications 2.5.0.1.14",
"product_id": "T038417",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:utilities:2.5.0.1.14"
}
}
},
{
"category": "product_version",
"name": "2.5.0.2.8",
"product": {
"name": "Oracle Utilities Applications 2.5.0.2.8",
"product_id": "T038418",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:utilities:2.5.0.2.8"
}
}
},
{
"category": "product_version",
"name": "2.6.0.1.5",
"product": {
"name": "Oracle Utilities Applications 2.6.0.1.5",
"product_id": "T038419",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:utilities:2.6.0.1.5"
}
}
}
],
"category": "product_name",
"name": "Utilities Applications"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-11022",
"notes": [
{
"category": "description",
"text": "In Oracle Utilities Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"LOW\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T038416",
"T038417",
"T038418",
"T038419",
"T038412",
"T038413",
"T038414"
],
"last_affected": [
"T038415"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2020-11022"
},
{
"cve": "CVE-2021-41184",
"notes": [
{
"category": "description",
"text": "In Oracle Utilities Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"LOW\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T038416",
"T038417",
"T038418",
"T038419",
"T038412",
"T038413",
"T038414"
],
"last_affected": [
"T038415"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2021-41184"
},
{
"cve": "CVE-2024-29025",
"notes": [
{
"category": "description",
"text": "In Oracle Utilities Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"LOW\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T038416",
"T038417",
"T038418",
"T038419",
"T038412",
"T038413",
"T038414"
],
"last_affected": [
"T038415"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-29025"
}
]
}
WID-SEC-W-2022-2368
Vulnerability from csaf_certbund - Published: 2022-12-19 23:00 - Updated: 2023-01-09 23:00Summary
HCL BigFix: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
BigFix ist eine Lösung zum Erkennen und Verwalten von physischen und virtuellen Endpunkten.
Angriff
Ein Angreifer kann mehrere Schwachstellen in HCL BigFix ausnutzen, um die Verfügbarkeit, die Vertraulichkeit und die Integrität zu gefährden.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
- Sonstiges
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "BigFix ist eine L\u00f6sung zum Erkennen und Verwalten von physischen und virtuellen Endpunkten.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in HCL BigFix ausnutzen, um die Verf\u00fcgbarkeit, die Vertraulichkeit und die Integrit\u00e4t zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- Windows\n- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-2368 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-2368.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-2368 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-2368"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6853623 vom 2023-01-09",
"url": "https://www.ibm.com/support/pages/node/6853623"
},
{
"category": "external",
"summary": "HCL Security Bulletin KB0102049 vom 2022-12-17",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0102049"
},
{
"category": "external",
"summary": "HCL Security Bulletin vom 2022-12-19",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0102168"
},
{
"category": "external",
"summary": "HCL Security Bulletin vom 2022-12-19",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0102140"
}
],
"source_lang": "en-US",
"title": "HCL BigFix: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-01-09T23:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:40:12.874+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2022-2368",
"initial_release_date": "2022-12-19T23:00:00.000+00:00",
"revision_history": [
{
"date": "2022-12-19T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2022-12-28T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von HCL aufgenommen"
},
{
"date": "2023-01-09T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "HCL BigFix",
"product": {
"name": "HCL BigFix",
"product_id": "T017494",
"product_identification_helper": {
"cpe": "cpe:/a:hcltech:bigfix:-"
}
}
},
{
"category": "product_name",
"name": "HCL BigFix \u003c 10.0.8\u00a0",
"product": {
"name": "HCL BigFix \u003c 10.0.8\u00a0",
"product_id": "T025721",
"product_identification_helper": {
"cpe": "cpe:/a:hcltech:bigfix:10.0.8"
}
}
},
{
"category": "product_name",
"name": "HCL BigFix \u003c 9.5.21",
"product": {
"name": "HCL BigFix \u003c 9.5.21",
"product_id": "T025722",
"product_identification_helper": {
"cpe": "cpe:/a:hcltech:bigfix:9.5.21"
}
}
}
],
"category": "product_name",
"name": "BigFix"
}
],
"category": "vendor",
"name": "HCL"
},
{
"branches": [
{
"category": "product_name",
"name": "IBM License Metric Tool",
"product": {
"name": "IBM License Metric Tool",
"product_id": "T016581",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:license_metric_tool:-"
}
}
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-44756",
"notes": [
{
"category": "description",
"text": "In HCL BigFix existieren mehrere Schwachstellen. Diese sind sowohl im Quellcode als auch in Open-Source-Komponenten zu finden. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verf\u00fcgbarkeit, die Vertraulichkeit und die Integrit\u00e4t zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T016581",
"T025722",
"T025721",
"T017494"
]
},
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2022-44756"
},
{
"cve": "CVE-2022-42454",
"notes": [
{
"category": "description",
"text": "In HCL BigFix existieren mehrere Schwachstellen. Diese sind sowohl im Quellcode als auch in Open-Source-Komponenten zu finden. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verf\u00fcgbarkeit, die Vertraulichkeit und die Integrit\u00e4t zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T016581",
"T025722",
"T025721",
"T017494"
]
},
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2022-42454"
},
{
"cve": "CVE-2022-42448",
"notes": [
{
"category": "description",
"text": "In HCL BigFix existieren mehrere Schwachstellen. Diese sind sowohl im Quellcode als auch in Open-Source-Komponenten zu finden. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verf\u00fcgbarkeit, die Vertraulichkeit und die Integrit\u00e4t zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T016581",
"T025722",
"T025721",
"T017494"
]
},
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2022-42448"
},
{
"cve": "CVE-2022-39299",
"notes": [
{
"category": "description",
"text": "In HCL BigFix existieren mehrere Schwachstellen. Diese sind sowohl im Quellcode als auch in Open-Source-Komponenten zu finden. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verf\u00fcgbarkeit, die Vertraulichkeit und die Integrit\u00e4t zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T016581",
"T025722",
"T025721",
"T017494"
]
},
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2022-39299"
},
{
"cve": "CVE-2022-38655",
"notes": [
{
"category": "description",
"text": "In HCL BigFix existieren mehrere Schwachstellen. Diese sind sowohl im Quellcode als auch in Open-Source-Komponenten zu finden. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verf\u00fcgbarkeit, die Vertraulichkeit und die Integrit\u00e4t zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T016581",
"T025722",
"T025721",
"T017494"
]
},
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2022-38655"
},
{
"cve": "CVE-2022-37616",
"notes": [
{
"category": "description",
"text": "In HCL BigFix existieren mehrere Schwachstellen. Diese sind sowohl im Quellcode als auch in Open-Source-Komponenten zu finden. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verf\u00fcgbarkeit, die Vertraulichkeit und die Integrit\u00e4t zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T016581",
"T025722",
"T025721",
"T017494"
]
},
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2022-37616"
},
{
"cve": "CVE-2022-33987",
"notes": [
{
"category": "description",
"text": "In HCL BigFix existieren mehrere Schwachstellen. Diese sind sowohl im Quellcode als auch in Open-Source-Komponenten zu finden. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verf\u00fcgbarkeit, die Vertraulichkeit und die Integrit\u00e4t zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T016581",
"T025722",
"T025721",
"T017494"
]
},
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2022-33987"
},
{
"cve": "CVE-2022-31160",
"notes": [
{
"category": "description",
"text": "In HCL BigFix existieren mehrere Schwachstellen. Diese sind sowohl im Quellcode als auch in Open-Source-Komponenten zu finden. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verf\u00fcgbarkeit, die Vertraulichkeit und die Integrit\u00e4t zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T016581",
"T025722",
"T025721",
"T017494"
]
},
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2022-31160"
},
{
"cve": "CVE-2022-31129",
"notes": [
{
"category": "description",
"text": "In HCL BigFix existieren mehrere Schwachstellen. Diese sind sowohl im Quellcode als auch in Open-Source-Komponenten zu finden. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verf\u00fcgbarkeit, die Vertraulichkeit und die Integrit\u00e4t zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T016581",
"T025722",
"T025721",
"T017494"
]
},
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2022-31129"
},
{
"cve": "CVE-2022-25896",
"notes": [
{
"category": "description",
"text": "In HCL BigFix existieren mehrere Schwachstellen. Diese sind sowohl im Quellcode als auch in Open-Source-Komponenten zu finden. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verf\u00fcgbarkeit, die Vertraulichkeit und die Integrit\u00e4t zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T016581",
"T025722",
"T025721",
"T017494"
]
},
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2022-25896"
},
{
"cve": "CVE-2022-25887",
"notes": [
{
"category": "description",
"text": "In HCL BigFix existieren mehrere Schwachstellen. Diese sind sowohl im Quellcode als auch in Open-Source-Komponenten zu finden. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verf\u00fcgbarkeit, die Vertraulichkeit und die Integrit\u00e4t zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T016581",
"T025722",
"T025721",
"T017494"
]
},
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2022-25887"
},
{
"cve": "CVE-2021-41184",
"notes": [
{
"category": "description",
"text": "In HCL BigFix existieren mehrere Schwachstellen. Diese sind sowohl im Quellcode als auch in Open-Source-Komponenten zu finden. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verf\u00fcgbarkeit, die Vertraulichkeit und die Integrit\u00e4t zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T016581",
"T025722",
"T025721",
"T017494"
]
},
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2021-41184"
},
{
"cve": "CVE-2021-41183",
"notes": [
{
"category": "description",
"text": "In HCL BigFix existieren mehrere Schwachstellen. Diese sind sowohl im Quellcode als auch in Open-Source-Komponenten zu finden. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verf\u00fcgbarkeit, die Vertraulichkeit und die Integrit\u00e4t zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T016581",
"T025722",
"T025721",
"T017494"
]
},
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2021-41183"
},
{
"cve": "CVE-2021-41182",
"notes": [
{
"category": "description",
"text": "In HCL BigFix existieren mehrere Schwachstellen. Diese sind sowohl im Quellcode als auch in Open-Source-Komponenten zu finden. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verf\u00fcgbarkeit, die Vertraulichkeit und die Integrit\u00e4t zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T016581",
"T025722",
"T025721",
"T017494"
]
},
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2021-41182"
},
{
"cve": "CVE-2021-32014",
"notes": [
{
"category": "description",
"text": "In HCL BigFix existieren mehrere Schwachstellen. Diese sind sowohl im Quellcode als auch in Open-Source-Komponenten zu finden. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verf\u00fcgbarkeit, die Vertraulichkeit und die Integrit\u00e4t zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T016581",
"T025722",
"T025721",
"T017494"
]
},
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2021-32014"
},
{
"cve": "CVE-2021-32013",
"notes": [
{
"category": "description",
"text": "In HCL BigFix existieren mehrere Schwachstellen. Diese sind sowohl im Quellcode als auch in Open-Source-Komponenten zu finden. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verf\u00fcgbarkeit, die Vertraulichkeit und die Integrit\u00e4t zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T016581",
"T025722",
"T025721",
"T017494"
]
},
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2021-32013"
},
{
"cve": "CVE-2021-32012",
"notes": [
{
"category": "description",
"text": "In HCL BigFix existieren mehrere Schwachstellen. Diese sind sowohl im Quellcode als auch in Open-Source-Komponenten zu finden. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verf\u00fcgbarkeit, die Vertraulichkeit und die Integrit\u00e4t zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T016581",
"T025722",
"T025721",
"T017494"
]
},
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2021-32012"
}
]
}
WID-SEC-W-2023-1815
Vulnerability from csaf_certbund - Published: 2023-07-18 22:00 - Updated: 2023-07-18 22:00Summary
Oracle Commerce: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Oracle Commerce ist eine elektronische Handelsplattform.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Commerce ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Oracle Commerce ist eine elektronische Handelsplattform.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Commerce ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-1815 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1815.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-1815 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1815"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - July 2023 - Appendix Oracle Commerce vom 2023-07-18",
"url": "https://www.oracle.com/security-alerts/cpujul2023.html#AppendixOCOM"
}
],
"source_lang": "en-US",
"title": "Oracle Commerce: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-07-18T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:55:53.973+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-1815",
"initial_release_date": "2023-07-18T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-07-18T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Oracle Commerce 11.3.0",
"product": {
"name": "Oracle Commerce 11.3.0",
"product_id": "T018931",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:commerce:11.3.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Commerce 11.3.1",
"product": {
"name": "Oracle Commerce 11.3.1",
"product_id": "T018932",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:commerce:11.3.1"
}
}
},
{
"category": "product_name",
"name": "Oracle Commerce 11.3.2",
"product": {
"name": "Oracle Commerce 11.3.2",
"product_id": "T018933",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:commerce:11.3.2"
}
}
}
],
"category": "product_name",
"name": "Commerce"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-28439",
"notes": [
{
"category": "description",
"text": "In Oracle Commerce existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T018931",
"T018932",
"T018933"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2023-28439"
},
{
"cve": "CVE-2023-24998",
"notes": [
{
"category": "description",
"text": "In Oracle Commerce existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T018931",
"T018932",
"T018933"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2023-24998"
},
{
"cve": "CVE-2022-45143",
"notes": [
{
"category": "description",
"text": "In Oracle Commerce existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T018931",
"T018932",
"T018933"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2022-45143"
},
{
"cve": "CVE-2022-41881",
"notes": [
{
"category": "description",
"text": "In Oracle Commerce existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T018931",
"T018932",
"T018933"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2022-41881"
},
{
"cve": "CVE-2022-23437",
"notes": [
{
"category": "description",
"text": "In Oracle Commerce existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T018931",
"T018932",
"T018933"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2022-23437"
},
{
"cve": "CVE-2021-41184",
"notes": [
{
"category": "description",
"text": "In Oracle Commerce existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T018931",
"T018932",
"T018933"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2021-41184"
},
{
"cve": "CVE-2021-40690",
"notes": [
{
"category": "description",
"text": "In Oracle Commerce existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T018931",
"T018932",
"T018933"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2021-40690"
},
{
"cve": "CVE-2019-10086",
"notes": [
{
"category": "description",
"text": "In Oracle Commerce existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T018931",
"T018932",
"T018933"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2019-10086"
}
]
}
WID-SEC-W-2022-1729
Vulnerability from csaf_certbund - Published: 2021-11-01 23:00 - Updated: 2023-10-05 22:00Summary
jQuery: Mehrere Schwachstellen ermöglichen Cross-Site Scripting
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
jQuery ist eine freie JavaScript-Bibliothek, die Funktionen zur DOM-Navigation und -Manipulation zur Verfügung stellt.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in jQuery ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
- Sonstiges
{
"document": {
"aggregate_severity": {
"text": "niedrig"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "jQuery ist eine freie JavaScript-Bibliothek, die Funktionen zur DOM-Navigation und -Manipulation zur Verf\u00fcgung stellt.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in jQuery ausnutzen, um einen Cross-Site Scripting Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- Windows\n- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-1729 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2021/wid-sec-w-2022-1729.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-1729 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1729"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6419-1 vom 2023-10-05",
"url": "https://ubuntu.com/security/notices/USN-6419-1"
},
{
"category": "external",
"summary": "HP Security Bulletin HPSBPI03869 vom 2023-10-04",
"url": "https://support.hp.com/us-en/document/ish_9365285-9365309-16/HPSBPI03869"
},
{
"category": "external",
"summary": "Red Hat Bugzilla vom 2021-11-01",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019144"
},
{
"category": "external",
"summary": "Red Hat Bugzilla vom 2021-11-01",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019148"
},
{
"category": "external",
"summary": "Red Hat Bugzilla vom 2021-11-01",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019153"
},
{
"category": "external",
"summary": "Drupal Security Advisory SA-CONTRIB-2022-004 vom 2022-01-19",
"url": "https://www.drupal.org/sa-contrib-2022-004"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-2889 vom 2022-01-19",
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html"
},
{
"category": "external",
"summary": "Drupal Security Advisory SA-CORE-2022-011 vom 2022-01-19",
"url": "https://www.drupal.org/sa-core-2022-011"
},
{
"category": "external",
"summary": "Drupal Security Advisory SA-CORE-2022-002 vom 2022-01-19",
"url": "https://www.drupal.org/sa-core-2022-002"
},
{
"category": "external",
"summary": "Drupal Security Advisory",
"url": "https://www.drupal.org/sa-core-2022-001"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:1729-1 vom 2022-05-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-May/011075.html"
},
{
"category": "external",
"summary": "Tenable Security Advisory",
"url": "https://www.tenable.com/security/tns-2022-12"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:4711 vom 2022-05-26",
"url": "https://access.redhat.com/errata/RHSA-2022:4711"
},
{
"category": "external",
"summary": "Tenable Security Advisory",
"url": "https://www.tenable.com/security/tns-2022-11"
},
{
"category": "external",
"summary": "HCL Article KB0097697 vom 2022-04-07",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0097697"
},
{
"category": "external",
"summary": "Tenable Security Advisory TNS-2022-10 vom 2022-05-10",
"url": "http://www.auscert.org.au/bulletins/ESB-2022.2191"
},
{
"category": "external",
"summary": "Tenable Security Advisory TNS-2022-10 vom 2022-05-10 vom 2022-05-09",
"url": "https://www.tenable.com/security/tns-2022-10"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3230 vom 2022-12-07",
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00015.html"
}
],
"source_lang": "en-US",
"title": "jQuery: Mehrere Schwachstellen erm\u00f6glichen Cross-Site Scripting",
"tracking": {
"current_release_date": "2023-10-05T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:36:30.047+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2022-1729",
"initial_release_date": "2021-11-01T23:00:00.000+00:00",
"revision_history": [
{
"date": "2021-11-01T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2022-01-19T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Drupal und Debian aufgenommen"
},
{
"date": "2022-04-07T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von HCL aufgenommen"
},
{
"date": "2022-05-09T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Tenable aufgenommen"
},
{
"date": "2022-05-18T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2022-05-26T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Tenable und Red Hat aufgenommen"
},
{
"date": "2022-10-16T22:00:00.000+00:00",
"number": "7",
"summary": "Referenz(en) aufgenommen: FEDORA-2022-9D655503EA, FEDORA-2022-C4334D5277"
},
{
"date": "2022-10-26T22:00:00.000+00:00",
"number": "8",
"summary": "Referenz(en) aufgenommen: FEDORA-2022-BF18450366"
},
{
"date": "2022-12-07T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2023-10-04T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von HP aufgenommen"
},
{
"date": "2023-10-05T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Ubuntu aufgenommen"
}
],
"status": "final",
"version": "11"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "HCL BigFix",
"product": {
"name": "HCL BigFix",
"product_id": "T017494",
"product_identification_helper": {
"cpe": "cpe:/a:hcltech:bigfix:-"
}
}
}
],
"category": "vendor",
"name": "HCL"
},
{
"branches": [
{
"category": "product_name",
"name": "HP LaserJet",
"product": {
"name": "HP LaserJet",
"product_id": "T029061",
"product_identification_helper": {
"cpe": "cpe:/h:hp:laserjet:-"
}
}
}
],
"category": "vendor",
"name": "HP"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source Drupal",
"product": {
"name": "Open Source Drupal",
"product_id": "172446",
"product_identification_helper": {
"cpe": "cpe:/a:drupal:drupal:-"
}
}
},
{
"category": "product_name",
"name": "Open Source jQuery UI \u003c 1.13.0",
"product": {
"name": "Open Source jQuery UI \u003c 1.13.0",
"product_id": "T020872",
"product_identification_helper": {
"cpe": "cpe:/a:jquery:jquery:ui__1.13.0"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Tenable Security Nessus",
"product": {
"name": "Tenable Security Nessus",
"product_id": "999278",
"product_identification_helper": {
"cpe": "cpe:/a:tenable:nessus:-"
}
}
},
{
"category": "product_name",
"name": "Tenable Security Nessus Network Monitor \u003c 6.0.1",
"product": {
"name": "Tenable Security Nessus Network Monitor \u003c 6.0.1",
"product_id": "T023141",
"product_identification_helper": {
"cpe": "cpe:/a:tenable:nessus_network_monitor:6.0.1"
}
}
}
],
"category": "vendor",
"name": "Tenable Security"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-41182",
"notes": [
{
"category": "description",
"text": "In jQuery existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden in der \"altField\" und \"*Text\" Option des Widgets Datepicker und in der \"of\" Option des .position() utils nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter anonymer Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"172446",
"T000126",
"T029061",
"999278",
"T017494"
]
},
"release_date": "2021-11-01T23:00:00.000+00:00",
"title": "CVE-2021-41182"
},
{
"cve": "CVE-2021-41183",
"notes": [
{
"category": "description",
"text": "In jQuery existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden in der \"altField\" und \"*Text\" Option des Widgets Datepicker und in der \"of\" Option des .position() utils nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter anonymer Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"172446",
"T000126",
"T029061",
"999278",
"T017494"
]
},
"release_date": "2021-11-01T23:00:00.000+00:00",
"title": "CVE-2021-41183"
},
{
"cve": "CVE-2021-41184",
"notes": [
{
"category": "description",
"text": "In jQuery existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden in der \"altField\" und \"*Text\" Option des Widgets Datepicker und in der \"of\" Option des .position() utils nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter anonymer Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"172446",
"T000126",
"T029061",
"999278",
"T017494"
]
},
"release_date": "2021-11-01T23:00:00.000+00:00",
"title": "CVE-2021-41184"
}
]
}
WID-SEC-W-2023-1017
Vulnerability from csaf_certbund - Published: 2023-04-18 22:00 - Updated: 2023-04-18 22:00Summary
Oracle Financial Services Applications: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Oracle Financial Services ist eine Zusammenstellung von Anwendungen für den Finanzsektor und eine Technologiebasis zur Erfüllung von IT- und Geschäftsanforderungen.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Financial Services Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Oracle Financial Services ist eine Zusammenstellung von Anwendungen f\u00fcr den Finanzsektor und eine Technologiebasis zur Erf\u00fcllung von IT- und Gesch\u00e4ftsanforderungen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Financial Services Applications ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-1017 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1017.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-1017 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1017"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - April 2023 - Appendix Oracle Financial Services Applications vom 2023-04-18",
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html#AppendixIFLX"
}
],
"source_lang": "en-US",
"title": "Oracle Financial Services Applications: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-04-18T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:49:16.791+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-1017",
"initial_release_date": "2023-04-18T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-04-18T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Oracle Financial Services Applications 2.7.1",
"product": {
"name": "Oracle Financial Services Applications 2.7.1",
"product_id": "T018979",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:2.7.1"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 11.7",
"product": {
"name": "Oracle Financial Services Applications 11.7",
"product_id": "T020695",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:11.7"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 11.8",
"product": {
"name": "Oracle Financial Services Applications 11.8",
"product_id": "T020696",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:11.8"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 11.10",
"product": {
"name": "Oracle Financial Services Applications 11.10",
"product_id": "T020698",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:11.10"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 18.3",
"product": {
"name": "Oracle Financial Services Applications 18.3",
"product_id": "T021669",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:18.3"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 19.1",
"product": {
"name": "Oracle Financial Services Applications 19.1",
"product_id": "T021670",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:19.1"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 19.2",
"product": {
"name": "Oracle Financial Services Applications 19.2",
"product_id": "T021671",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:19.2"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 21.1",
"product": {
"name": "Oracle Financial Services Applications 21.1",
"product_id": "T021673",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:21.1"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 8.1.1.0",
"product": {
"name": "Oracle Financial Services Applications 8.1.1.0",
"product_id": "T022833",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.1.1.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 8.1.2.0",
"product": {
"name": "Oracle Financial Services Applications 8.1.2.0",
"product_id": "T022834",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.1.2.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 8.1.1.1",
"product": {
"name": "Oracle Financial Services Applications 8.1.1.1",
"product_id": "T022835",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.1.1.1"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 8.0.9.0",
"product": {
"name": "Oracle Financial Services Applications 8.0.9.0",
"product_id": "T022840",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.0.9.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 8.0.8.0",
"product": {
"name": "Oracle Financial Services Applications 8.0.8.0",
"product_id": "T022841",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.0.8.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 8.0.8.1",
"product": {
"name": "Oracle Financial Services Applications 8.0.8.1",
"product_id": "T022844",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.0.8.1"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 8.1.0.0",
"product": {
"name": "Oracle Financial Services Applications 8.1.0.0",
"product_id": "T023923",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.1.0.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 8.1.2.1",
"product": {
"name": "Oracle Financial Services Applications 8.1.2.1",
"product_id": "T023924",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.1.2.1"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 8.0.7.0",
"product": {
"name": "Oracle Financial Services Applications 8.0.7.0",
"product_id": "T023925",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.0.7.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 2.7",
"product": {
"name": "Oracle Financial Services Applications 2.7",
"product_id": "T023927",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:2.7"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 2.9",
"product": {
"name": "Oracle Financial Services Applications 2.9",
"product_id": "T023928",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:2.9"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 8.1.2.2",
"product": {
"name": "Oracle Financial Services Applications 8.1.2.2",
"product_id": "T024988",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.1.2.2"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 8.0.8.2",
"product": {
"name": "Oracle Financial Services Applications 8.0.8.2",
"product_id": "T024990",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.0.8.2"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 8.0.8.3.1",
"product": {
"name": "Oracle Financial Services Applications 8.0.8.3.1",
"product_id": "T025878",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.0.8.3.1"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications \u003c= 14.7",
"product": {
"name": "Oracle Financial Services Applications \u003c= 14.7",
"product_id": "T027348",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:14.7"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 22.1",
"product": {
"name": "Oracle Financial Services Applications 22.1",
"product_id": "T027349",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:22.1"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 22.2",
"product": {
"name": "Oracle Financial Services Applications 22.2",
"product_id": "T027350",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:22.2"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 8.1.2.4",
"product": {
"name": "Oracle Financial Services Applications 8.1.2.4",
"product_id": "T027351",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.1.2.4"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 8.1.2.3",
"product": {
"name": "Oracle Financial Services Applications 8.1.2.3",
"product_id": "T027352",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.1.2.3"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 2.8",
"product": {
"name": "Oracle Financial Services Applications 2.8",
"product_id": "T027353",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:2.8"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 18.2",
"product": {
"name": "Oracle Financial Services Applications 18.2",
"product_id": "T027354",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:18.2"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 8.1.2.4.1",
"product": {
"name": "Oracle Financial Services Applications 8.1.2.4.1",
"product_id": "T027358",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.1.2.4.1"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 2.9.1",
"product": {
"name": "Oracle Financial Services Applications 2.9.1",
"product_id": "T027359",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:2.9.1"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 3.0",
"product": {
"name": "Oracle Financial Services Applications 3.0",
"product_id": "T027360",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:3.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 3.1",
"product": {
"name": "Oracle Financial Services Applications 3.1",
"product_id": "T027361",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:3.1"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 3.2",
"product": {
"name": "Oracle Financial Services Applications 3.2",
"product_id": "T027362",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:3.2"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 4.0",
"product": {
"name": "Oracle Financial Services Applications 4.0",
"product_id": "T027363",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:4.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 8.0.8.0.0",
"product": {
"name": "Oracle Financial Services Applications 8.0.8.0.0",
"product_id": "T027364",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.0.8.0.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 11.6",
"product": {
"name": "Oracle Financial Services Applications 11.6",
"product_id": "T027365",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:11.6"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 11.11",
"product": {
"name": "Oracle Financial Services Applications 11.11",
"product_id": "T027366",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:11.11"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 8.0.7.1.2",
"product": {
"name": "Oracle Financial Services Applications 8.0.7.1.2",
"product_id": "T027367",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.0.7.1.2"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 8.1.1.1.7",
"product": {
"name": "Oracle Financial Services Applications 8.1.1.1.7",
"product_id": "T027368",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.1.1.1.7"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 8.0.7.8.0",
"product": {
"name": "Oracle Financial Services Applications 8.0.7.8.0",
"product_id": "T027369",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.0.7.8.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 8.1.1.1.1",
"product": {
"name": "Oracle Financial Services Applications 8.1.1.1.1",
"product_id": "T027370",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.1.1.1.1"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 8.0.8.1.4",
"product": {
"name": "Oracle Financial Services Applications 8.0.8.1.4",
"product_id": "T027371",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.0.8.1.4"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 8.1.0.1.4",
"product": {
"name": "Oracle Financial Services Applications 8.1.0.1.4",
"product_id": "T027372",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.1.0.1.4"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 8.1.2.2.1",
"product": {
"name": "Oracle Financial Services Applications 8.1.2.2.1",
"product_id": "T027373",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.1.2.2.1"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 8.0.7.3.1",
"product": {
"name": "Oracle Financial Services Applications 8.0.7.3.1",
"product_id": "T027374",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.0.7.3.1"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 8.0.7.8.1",
"product": {
"name": "Oracle Financial Services Applications 8.0.7.8.1",
"product_id": "T027375",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.0.7.8.1"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 8.0.8.2.1",
"product": {
"name": "Oracle Financial Services Applications 8.0.8.2.1",
"product_id": "T027376",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.0.8.2.1"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 8.1.1.2.0",
"product": {
"name": "Oracle Financial Services Applications 8.1.1.2.0",
"product_id": "T027377",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.1.1.2.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 8.0.8.3.5",
"product": {
"name": "Oracle Financial Services Applications 8.0.8.3.5",
"product_id": "T027378",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.0.8.3.5"
}
}
}
],
"category": "product_name",
"name": "Financial Services Applications"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-28708",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T027359",
"T027358",
"T027353",
"T027354",
"T027362",
"T027363",
"T027360",
"T027361",
"T020698",
"T022833",
"T022834",
"T023923",
"T020696",
"T022835",
"T023924",
"T020695",
"T023925",
"T021669",
"T018979",
"T027368",
"T027369",
"T027366",
"T027367",
"T027364",
"T027365",
"T027373",
"T027374",
"T027371",
"T027372",
"T027370",
"T023927",
"T023928",
"T022844",
"T022840",
"T022841",
"T024988",
"T025878",
"T021673",
"T027377",
"T027378",
"T021671",
"T027375",
"T021670",
"T027376",
"T027349",
"T024990"
],
"last_affected": [
"T027348"
]
},
"release_date": "2023-04-18T22:00:00.000+00:00",
"title": "CVE-2023-28708"
},
{
"cve": "CVE-2023-25194",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T027359",
"T027358",
"T027353",
"T027354",
"T027362",
"T027363",
"T027360",
"T027361",
"T020698",
"T022833",
"T022834",
"T023923",
"T020696",
"T022835",
"T023924",
"T020695",
"T023925",
"T021669",
"T018979",
"T027368",
"T027369",
"T027366",
"T027367",
"T027364",
"T027365",
"T027373",
"T027374",
"T027371",
"T027372",
"T027370",
"T023927",
"T023928",
"T022844",
"T022840",
"T022841",
"T024988",
"T025878",
"T021673",
"T027377",
"T027378",
"T021671",
"T027375",
"T021670",
"T027376",
"T027349",
"T024990"
],
"last_affected": [
"T027348"
]
},
"release_date": "2023-04-18T22:00:00.000+00:00",
"title": "CVE-2023-25194"
},
{
"cve": "CVE-2023-24998",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T027359",
"T027358",
"T027353",
"T027354",
"T027362",
"T027363",
"T027360",
"T027361",
"T020698",
"T022833",
"T022834",
"T023923",
"T020696",
"T022835",
"T023924",
"T020695",
"T023925",
"T021669",
"T018979",
"T027368",
"T027369",
"T027366",
"T027367",
"T027364",
"T027365",
"T027373",
"T027374",
"T027371",
"T027372",
"T027370",
"T023927",
"T023928",
"T022844",
"T022840",
"T022841",
"T024988",
"T025878",
"T021673",
"T027377",
"T027378",
"T021671",
"T027375",
"T021670",
"T027376",
"T027349",
"T024990"
],
"last_affected": [
"T027348"
]
},
"release_date": "2023-04-18T22:00:00.000+00:00",
"title": "CVE-2023-24998"
},
{
"cve": "CVE-2023-21915",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T027359",
"T027358",
"T027353",
"T027354",
"T027362",
"T027363",
"T027360",
"T027361",
"T020698",
"T022833",
"T022834",
"T023923",
"T020696",
"T022835",
"T023924",
"T020695",
"T023925",
"T021669",
"T018979",
"T027368",
"T027369",
"T027366",
"T027367",
"T027364",
"T027365",
"T027373",
"T027374",
"T027371",
"T027372",
"T027370",
"T023927",
"T023928",
"T022844",
"T022840",
"T022841",
"T024988",
"T025878",
"T021673",
"T027377",
"T027378",
"T021671",
"T027375",
"T021670",
"T027376",
"T027349",
"T024990"
],
"last_affected": [
"T027348"
]
},
"release_date": "2023-04-18T22:00:00.000+00:00",
"title": "CVE-2023-21915"
},
{
"cve": "CVE-2023-21908",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T027359",
"T027358",
"T027353",
"T027354",
"T027362",
"T027363",
"T027360",
"T027361",
"T020698",
"T022833",
"T022834",
"T023923",
"T020696",
"T022835",
"T023924",
"T020695",
"T023925",
"T021669",
"T018979",
"T027368",
"T027369",
"T027366",
"T027367",
"T027364",
"T027365",
"T027373",
"T027374",
"T027371",
"T027372",
"T027370",
"T023927",
"T023928",
"T022844",
"T022840",
"T022841",
"T024988",
"T025878",
"T021673",
"T027377",
"T027378",
"T021671",
"T027375",
"T021670",
"T027376",
"T027349",
"T024990"
],
"last_affected": [
"T027348"
]
},
"release_date": "2023-04-18T22:00:00.000+00:00",
"title": "CVE-2023-21908"
},
{
"cve": "CVE-2023-21907",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T027359",
"T027358",
"T027353",
"T027354",
"T027362",
"T027363",
"T027360",
"T027361",
"T020698",
"T022833",
"T022834",
"T023923",
"T020696",
"T022835",
"T023924",
"T020695",
"T023925",
"T021669",
"T018979",
"T027368",
"T027369",
"T027366",
"T027367",
"T027364",
"T027365",
"T027373",
"T027374",
"T027371",
"T027372",
"T027370",
"T023927",
"T023928",
"T022844",
"T022840",
"T022841",
"T024988",
"T025878",
"T021673",
"T027377",
"T027378",
"T021671",
"T027375",
"T021670",
"T027376",
"T027349",
"T024990"
],
"last_affected": [
"T027348"
]
},
"release_date": "2023-04-18T22:00:00.000+00:00",
"title": "CVE-2023-21907"
},
{
"cve": "CVE-2023-21906",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T027359",
"T027358",
"T027353",
"T027354",
"T027362",
"T027363",
"T027360",
"T027361",
"T020698",
"T022833",
"T022834",
"T023923",
"T020696",
"T022835",
"T023924",
"T020695",
"T023925",
"T021669",
"T018979",
"T027368",
"T027369",
"T027366",
"T027367",
"T027364",
"T027365",
"T027373",
"T027374",
"T027371",
"T027372",
"T027370",
"T023927",
"T023928",
"T022844",
"T022840",
"T022841",
"T024988",
"T025878",
"T021673",
"T027377",
"T027378",
"T021671",
"T027375",
"T021670",
"T027376",
"T027349",
"T024990"
],
"last_affected": [
"T027348"
]
},
"release_date": "2023-04-18T22:00:00.000+00:00",
"title": "CVE-2023-21906"
},
{
"cve": "CVE-2023-21905",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T027359",
"T027358",
"T027353",
"T027354",
"T027362",
"T027363",
"T027360",
"T027361",
"T020698",
"T022833",
"T022834",
"T023923",
"T020696",
"T022835",
"T023924",
"T020695",
"T023925",
"T021669",
"T018979",
"T027368",
"T027369",
"T027366",
"T027367",
"T027364",
"T027365",
"T027373",
"T027374",
"T027371",
"T027372",
"T027370",
"T023927",
"T023928",
"T022844",
"T022840",
"T022841",
"T024988",
"T025878",
"T021673",
"T027377",
"T027378",
"T021671",
"T027375",
"T021670",
"T027376",
"T027349",
"T024990"
],
"last_affected": [
"T027348"
]
},
"release_date": "2023-04-18T22:00:00.000+00:00",
"title": "CVE-2023-21905"
},
{
"cve": "CVE-2023-21904",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T027359",
"T027358",
"T027353",
"T027354",
"T027362",
"T027363",
"T027360",
"T027361",
"T020698",
"T022833",
"T022834",
"T023923",
"T020696",
"T022835",
"T023924",
"T020695",
"T023925",
"T021669",
"T018979",
"T027368",
"T027369",
"T027366",
"T027367",
"T027364",
"T027365",
"T027373",
"T027374",
"T027371",
"T027372",
"T027370",
"T023927",
"T023928",
"T022844",
"T022840",
"T022841",
"T024988",
"T025878",
"T021673",
"T027377",
"T027378",
"T021671",
"T027375",
"T021670",
"T027376",
"T027349",
"T024990"
],
"last_affected": [
"T027348"
]
},
"release_date": "2023-04-18T22:00:00.000+00:00",
"title": "CVE-2023-21904"
},
{
"cve": "CVE-2023-21903",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T027359",
"T027358",
"T027353",
"T027354",
"T027362",
"T027363",
"T027360",
"T027361",
"T020698",
"T022833",
"T022834",
"T023923",
"T020696",
"T022835",
"T023924",
"T020695",
"T023925",
"T021669",
"T018979",
"T027368",
"T027369",
"T027366",
"T027367",
"T027364",
"T027365",
"T027373",
"T027374",
"T027371",
"T027372",
"T027370",
"T023927",
"T023928",
"T022844",
"T022840",
"T022841",
"T024988",
"T025878",
"T021673",
"T027377",
"T027378",
"T021671",
"T027375",
"T021670",
"T027376",
"T027349",
"T024990"
],
"last_affected": [
"T027348"
]
},
"release_date": "2023-04-18T22:00:00.000+00:00",
"title": "CVE-2023-21903"
},
{
"cve": "CVE-2023-21902",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T027359",
"T027358",
"T027353",
"T027354",
"T027362",
"T027363",
"T027360",
"T027361",
"T020698",
"T022833",
"T022834",
"T023923",
"T020696",
"T022835",
"T023924",
"T020695",
"T023925",
"T021669",
"T018979",
"T027368",
"T027369",
"T027366",
"T027367",
"T027364",
"T027365",
"T027373",
"T027374",
"T027371",
"T027372",
"T027370",
"T023927",
"T023928",
"T022844",
"T022840",
"T022841",
"T024988",
"T025878",
"T021673",
"T027377",
"T027378",
"T021671",
"T027375",
"T021670",
"T027376",
"T027349",
"T024990"
],
"last_affected": [
"T027348"
]
},
"release_date": "2023-04-18T22:00:00.000+00:00",
"title": "CVE-2023-21902"
},
{
"cve": "CVE-2022-46908",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T027359",
"T027358",
"T027353",
"T027354",
"T027362",
"T027363",
"T027360",
"T027361",
"T020698",
"T022833",
"T022834",
"T023923",
"T020696",
"T022835",
"T023924",
"T020695",
"T023925",
"T021669",
"T018979",
"T027368",
"T027369",
"T027366",
"T027367",
"T027364",
"T027365",
"T027373",
"T027374",
"T027371",
"T027372",
"T027370",
"T023927",
"T023928",
"T022844",
"T022840",
"T022841",
"T024988",
"T025878",
"T021673",
"T027377",
"T027378",
"T021671",
"T027375",
"T021670",
"T027376",
"T027349",
"T024990"
],
"last_affected": [
"T027348"
]
},
"release_date": "2023-04-18T22:00:00.000+00:00",
"title": "CVE-2022-46908"
},
{
"cve": "CVE-2022-46364",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T027359",
"T027358",
"T027353",
"T027354",
"T027362",
"T027363",
"T027360",
"T027361",
"T020698",
"T022833",
"T022834",
"T023923",
"T020696",
"T022835",
"T023924",
"T020695",
"T023925",
"T021669",
"T018979",
"T027368",
"T027369",
"T027366",
"T027367",
"T027364",
"T027365",
"T027373",
"T027374",
"T027371",
"T027372",
"T027370",
"T023927",
"T023928",
"T022844",
"T022840",
"T022841",
"T024988",
"T025878",
"T021673",
"T027377",
"T027378",
"T021671",
"T027375",
"T021670",
"T027376",
"T027349",
"T024990"
],
"last_affected": [
"T027348"
]
},
"release_date": "2023-04-18T22:00:00.000+00:00",
"title": "CVE-2022-46364"
},
{
"cve": "CVE-2022-43680",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T027359",
"T027358",
"T027353",
"T027354",
"T027362",
"T027363",
"T027360",
"T027361",
"T020698",
"T022833",
"T022834",
"T023923",
"T020696",
"T022835",
"T023924",
"T020695",
"T023925",
"T021669",
"T018979",
"T027368",
"T027369",
"T027366",
"T027367",
"T027364",
"T027365",
"T027373",
"T027374",
"T027371",
"T027372",
"T027370",
"T023927",
"T023928",
"T022844",
"T022840",
"T022841",
"T024988",
"T025878",
"T021673",
"T027377",
"T027378",
"T021671",
"T027375",
"T021670",
"T027376",
"T027349",
"T024990"
],
"last_affected": [
"T027348"
]
},
"release_date": "2023-04-18T22:00:00.000+00:00",
"title": "CVE-2022-43680"
},
{
"cve": "CVE-2022-42890",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T027359",
"T027358",
"T027353",
"T027354",
"T027362",
"T027363",
"T027360",
"T027361",
"T020698",
"T022833",
"T022834",
"T023923",
"T020696",
"T022835",
"T023924",
"T020695",
"T023925",
"T021669",
"T018979",
"T027368",
"T027369",
"T027366",
"T027367",
"T027364",
"T027365",
"T027373",
"T027374",
"T027371",
"T027372",
"T027370",
"T023927",
"T023928",
"T022844",
"T022840",
"T022841",
"T024988",
"T025878",
"T021673",
"T027377",
"T027378",
"T021671",
"T027375",
"T021670",
"T027376",
"T027349",
"T024990"
],
"last_affected": [
"T027348"
]
},
"release_date": "2023-04-18T22:00:00.000+00:00",
"title": "CVE-2022-42890"
},
{
"cve": "CVE-2022-42889",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T027359",
"T027358",
"T027353",
"T027354",
"T027362",
"T027363",
"T027360",
"T027361",
"T020698",
"T022833",
"T022834",
"T023923",
"T020696",
"T022835",
"T023924",
"T020695",
"T023925",
"T021669",
"T018979",
"T027368",
"T027369",
"T027366",
"T027367",
"T027364",
"T027365",
"T027373",
"T027374",
"T027371",
"T027372",
"T027370",
"T023927",
"T023928",
"T022844",
"T022840",
"T022841",
"T024988",
"T025878",
"T021673",
"T027377",
"T027378",
"T021671",
"T027375",
"T021670",
"T027376",
"T027349",
"T024990"
],
"last_affected": [
"T027348"
]
},
"release_date": "2023-04-18T22:00:00.000+00:00",
"title": "CVE-2022-42889"
},
{
"cve": "CVE-2022-42252",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T027359",
"T027358",
"T027353",
"T027354",
"T027362",
"T027363",
"T027360",
"T027361",
"T020698",
"T022833",
"T022834",
"T023923",
"T020696",
"T022835",
"T023924",
"T020695",
"T023925",
"T021669",
"T018979",
"T027368",
"T027369",
"T027366",
"T027367",
"T027364",
"T027365",
"T027373",
"T027374",
"T027371",
"T027372",
"T027370",
"T023927",
"T023928",
"T022844",
"T022840",
"T022841",
"T024988",
"T025878",
"T021673",
"T027377",
"T027378",
"T021671",
"T027375",
"T021670",
"T027376",
"T027349",
"T024990"
],
"last_affected": [
"T027348"
]
},
"release_date": "2023-04-18T22:00:00.000+00:00",
"title": "CVE-2022-42252"
},
{
"cve": "CVE-2022-42003",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T027359",
"T027358",
"T027353",
"T027354",
"T027362",
"T027363",
"T027360",
"T027361",
"T020698",
"T022833",
"T022834",
"T023923",
"T020696",
"T022835",
"T023924",
"T020695",
"T023925",
"T021669",
"T018979",
"T027368",
"T027369",
"T027366",
"T027367",
"T027364",
"T027365",
"T027373",
"T027374",
"T027371",
"T027372",
"T027370",
"T023927",
"T023928",
"T022844",
"T022840",
"T022841",
"T024988",
"T025878",
"T021673",
"T027377",
"T027378",
"T021671",
"T027375",
"T021670",
"T027376",
"T027349",
"T024990"
],
"last_affected": [
"T027348"
]
},
"release_date": "2023-04-18T22:00:00.000+00:00",
"title": "CVE-2022-42003"
},
{
"cve": "CVE-2022-41881",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T027359",
"T027358",
"T027353",
"T027354",
"T027362",
"T027363",
"T027360",
"T027361",
"T020698",
"T022833",
"T022834",
"T023923",
"T020696",
"T022835",
"T023924",
"T020695",
"T023925",
"T021669",
"T018979",
"T027368",
"T027369",
"T027366",
"T027367",
"T027364",
"T027365",
"T027373",
"T027374",
"T027371",
"T027372",
"T027370",
"T023927",
"T023928",
"T022844",
"T022840",
"T022841",
"T024988",
"T025878",
"T021673",
"T027377",
"T027378",
"T021671",
"T027375",
"T021670",
"T027376",
"T027349",
"T024990"
],
"last_affected": [
"T027348"
]
},
"release_date": "2023-04-18T22:00:00.000+00:00",
"title": "CVE-2022-41881"
},
{
"cve": "CVE-2022-40146",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T027359",
"T027358",
"T027353",
"T027354",
"T027362",
"T027363",
"T027360",
"T027361",
"T020698",
"T022833",
"T022834",
"T023923",
"T020696",
"T022835",
"T023924",
"T020695",
"T023925",
"T021669",
"T018979",
"T027368",
"T027369",
"T027366",
"T027367",
"T027364",
"T027365",
"T027373",
"T027374",
"T027371",
"T027372",
"T027370",
"T023927",
"T023928",
"T022844",
"T022840",
"T022841",
"T024988",
"T025878",
"T021673",
"T027377",
"T027378",
"T021671",
"T027375",
"T021670",
"T027376",
"T027349",
"T024990"
],
"last_affected": [
"T027348"
]
},
"release_date": "2023-04-18T22:00:00.000+00:00",
"title": "CVE-2022-40146"
},
{
"cve": "CVE-2022-38752",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T027359",
"T027358",
"T027353",
"T027354",
"T027362",
"T027363",
"T027360",
"T027361",
"T020698",
"T022833",
"T022834",
"T023923",
"T020696",
"T022835",
"T023924",
"T020695",
"T023925",
"T021669",
"T018979",
"T027368",
"T027369",
"T027366",
"T027367",
"T027364",
"T027365",
"T027373",
"T027374",
"T027371",
"T027372",
"T027370",
"T023927",
"T023928",
"T022844",
"T022840",
"T022841",
"T024988",
"T025878",
"T021673",
"T027377",
"T027378",
"T021671",
"T027375",
"T021670",
"T027376",
"T027349",
"T024990"
],
"last_affected": [
"T027348"
]
},
"release_date": "2023-04-18T22:00:00.000+00:00",
"title": "CVE-2022-38752"
},
{
"cve": "CVE-2022-36033",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T027359",
"T027358",
"T027353",
"T027354",
"T027362",
"T027363",
"T027360",
"T027361",
"T020698",
"T022833",
"T022834",
"T023923",
"T020696",
"T022835",
"T023924",
"T020695",
"T023925",
"T021669",
"T018979",
"T027368",
"T027369",
"T027366",
"T027367",
"T027364",
"T027365",
"T027373",
"T027374",
"T027371",
"T027372",
"T027370",
"T023927",
"T023928",
"T022844",
"T022840",
"T022841",
"T024988",
"T025878",
"T021673",
"T027377",
"T027378",
"T021671",
"T027375",
"T021670",
"T027376",
"T027349",
"T024990"
],
"last_affected": [
"T027348"
]
},
"release_date": "2023-04-18T22:00:00.000+00:00",
"title": "CVE-2022-36033"
},
{
"cve": "CVE-2022-34169",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T027359",
"T027358",
"T027353",
"T027354",
"T027362",
"T027363",
"T027360",
"T027361",
"T020698",
"T022833",
"T022834",
"T023923",
"T020696",
"T022835",
"T023924",
"T020695",
"T023925",
"T021669",
"T018979",
"T027368",
"T027369",
"T027366",
"T027367",
"T027364",
"T027365",
"T027373",
"T027374",
"T027371",
"T027372",
"T027370",
"T023927",
"T023928",
"T022844",
"T022840",
"T022841",
"T024988",
"T025878",
"T021673",
"T027377",
"T027378",
"T021671",
"T027375",
"T021670",
"T027376",
"T027349",
"T024990"
],
"last_affected": [
"T027348"
]
},
"release_date": "2023-04-18T22:00:00.000+00:00",
"title": "CVE-2022-34169"
},
{
"cve": "CVE-2022-3171",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T027359",
"T027358",
"T027353",
"T027354",
"T027362",
"T027363",
"T027360",
"T027361",
"T020698",
"T022833",
"T022834",
"T023923",
"T020696",
"T022835",
"T023924",
"T020695",
"T023925",
"T021669",
"T018979",
"T027368",
"T027369",
"T027366",
"T027367",
"T027364",
"T027365",
"T027373",
"T027374",
"T027371",
"T027372",
"T027370",
"T023927",
"T023928",
"T022844",
"T022840",
"T022841",
"T024988",
"T025878",
"T021673",
"T027377",
"T027378",
"T021671",
"T027375",
"T021670",
"T027376",
"T027349",
"T024990"
],
"last_affected": [
"T027348"
]
},
"release_date": "2023-04-18T22:00:00.000+00:00",
"title": "CVE-2022-3171"
},
{
"cve": "CVE-2022-29577",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T027359",
"T027358",
"T027353",
"T027354",
"T027362",
"T027363",
"T027360",
"T027361",
"T020698",
"T022833",
"T022834",
"T023923",
"T020696",
"T022835",
"T023924",
"T020695",
"T023925",
"T021669",
"T018979",
"T027368",
"T027369",
"T027366",
"T027367",
"T027364",
"T027365",
"T027373",
"T027374",
"T027371",
"T027372",
"T027370",
"T023927",
"T023928",
"T022844",
"T022840",
"T022841",
"T024988",
"T025878",
"T021673",
"T027377",
"T027378",
"T021671",
"T027375",
"T021670",
"T027376",
"T027349",
"T024990"
],
"last_affected": [
"T027348"
]
},
"release_date": "2023-04-18T22:00:00.000+00:00",
"title": "CVE-2022-29577"
},
{
"cve": "CVE-2022-25647",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T027359",
"T027358",
"T027353",
"T027354",
"T027362",
"T027363",
"T027360",
"T027361",
"T020698",
"T022833",
"T022834",
"T023923",
"T020696",
"T022835",
"T023924",
"T020695",
"T023925",
"T021669",
"T018979",
"T027368",
"T027369",
"T027366",
"T027367",
"T027364",
"T027365",
"T027373",
"T027374",
"T027371",
"T027372",
"T027370",
"T023927",
"T023928",
"T022844",
"T022840",
"T022841",
"T024988",
"T025878",
"T021673",
"T027377",
"T027378",
"T021671",
"T027375",
"T021670",
"T027376",
"T027349",
"T024990"
],
"last_affected": [
"T027348"
]
},
"release_date": "2023-04-18T22:00:00.000+00:00",
"title": "CVE-2022-25647"
},
{
"cve": "CVE-2022-24839",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T027359",
"T027358",
"T027353",
"T027354",
"T027362",
"T027363",
"T027360",
"T027361",
"T020698",
"T022833",
"T022834",
"T023923",
"T020696",
"T022835",
"T023924",
"T020695",
"T023925",
"T021669",
"T018979",
"T027368",
"T027369",
"T027366",
"T027367",
"T027364",
"T027365",
"T027373",
"T027374",
"T027371",
"T027372",
"T027370",
"T023927",
"T023928",
"T022844",
"T022840",
"T022841",
"T024988",
"T025878",
"T021673",
"T027377",
"T027378",
"T021671",
"T027375",
"T021670",
"T027376",
"T027349",
"T024990"
],
"last_affected": [
"T027348"
]
},
"release_date": "2023-04-18T22:00:00.000+00:00",
"title": "CVE-2022-24839"
},
{
"cve": "CVE-2022-23437",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T027359",
"T027358",
"T027353",
"T027354",
"T027362",
"T027363",
"T027360",
"T027361",
"T020698",
"T022833",
"T022834",
"T023923",
"T020696",
"T022835",
"T023924",
"T020695",
"T023925",
"T021669",
"T018979",
"T027368",
"T027369",
"T027366",
"T027367",
"T027364",
"T027365",
"T027373",
"T027374",
"T027371",
"T027372",
"T027370",
"T023927",
"T023928",
"T022844",
"T022840",
"T022841",
"T024988",
"T025878",
"T021673",
"T027377",
"T027378",
"T021671",
"T027375",
"T021670",
"T027376",
"T027349",
"T024990"
],
"last_affected": [
"T027348"
]
},
"release_date": "2023-04-18T22:00:00.000+00:00",
"title": "CVE-2022-23437"
},
{
"cve": "CVE-2022-22979",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T027359",
"T027358",
"T027353",
"T027354",
"T027362",
"T027363",
"T027360",
"T027361",
"T020698",
"T022833",
"T022834",
"T023923",
"T020696",
"T022835",
"T023924",
"T020695",
"T023925",
"T021669",
"T018979",
"T027368",
"T027369",
"T027366",
"T027367",
"T027364",
"T027365",
"T027373",
"T027374",
"T027371",
"T027372",
"T027370",
"T023927",
"T023928",
"T022844",
"T022840",
"T022841",
"T024988",
"T025878",
"T021673",
"T027377",
"T027378",
"T021671",
"T027375",
"T021670",
"T027376",
"T027349",
"T024990"
],
"last_affected": [
"T027348"
]
},
"release_date": "2023-04-18T22:00:00.000+00:00",
"title": "CVE-2022-22979"
},
{
"cve": "CVE-2022-22978",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T027359",
"T027358",
"T027353",
"T027354",
"T027362",
"T027363",
"T027360",
"T027361",
"T020698",
"T022833",
"T022834",
"T023923",
"T020696",
"T022835",
"T023924",
"T020695",
"T023925",
"T021669",
"T018979",
"T027368",
"T027369",
"T027366",
"T027367",
"T027364",
"T027365",
"T027373",
"T027374",
"T027371",
"T027372",
"T027370",
"T023927",
"T023928",
"T022844",
"T022840",
"T022841",
"T024988",
"T025878",
"T021673",
"T027377",
"T027378",
"T021671",
"T027375",
"T021670",
"T027376",
"T027349",
"T024990"
],
"last_affected": [
"T027348"
]
},
"release_date": "2023-04-18T22:00:00.000+00:00",
"title": "CVE-2022-22978"
},
{
"cve": "CVE-2022-22971",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T027359",
"T027358",
"T027353",
"T027354",
"T027362",
"T027363",
"T027360",
"T027361",
"T020698",
"T022833",
"T022834",
"T023923",
"T020696",
"T022835",
"T023924",
"T020695",
"T023925",
"T021669",
"T018979",
"T027368",
"T027369",
"T027366",
"T027367",
"T027364",
"T027365",
"T027373",
"T027374",
"T027371",
"T027372",
"T027370",
"T023927",
"T023928",
"T022844",
"T022840",
"T022841",
"T024988",
"T025878",
"T021673",
"T027377",
"T027378",
"T021671",
"T027375",
"T021670",
"T027376",
"T027349",
"T024990"
],
"last_affected": [
"T027348"
]
},
"release_date": "2023-04-18T22:00:00.000+00:00",
"title": "CVE-2022-22971"
},
{
"cve": "CVE-2022-2048",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T027359",
"T027358",
"T027353",
"T027354",
"T027362",
"T027363",
"T027360",
"T027361",
"T020698",
"T022833",
"T022834",
"T023923",
"T020696",
"T022835",
"T023924",
"T020695",
"T023925",
"T021669",
"T018979",
"T027368",
"T027369",
"T027366",
"T027367",
"T027364",
"T027365",
"T027373",
"T027374",
"T027371",
"T027372",
"T027370",
"T023927",
"T023928",
"T022844",
"T022840",
"T022841",
"T024988",
"T025878",
"T021673",
"T027377",
"T027378",
"T021671",
"T027375",
"T021670",
"T027376",
"T027349",
"T024990"
],
"last_affected": [
"T027348"
]
},
"release_date": "2023-04-18T22:00:00.000+00:00",
"title": "CVE-2022-2048"
},
{
"cve": "CVE-2021-43859",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T027359",
"T027358",
"T027353",
"T027354",
"T027362",
"T027363",
"T027360",
"T027361",
"T020698",
"T022833",
"T022834",
"T023923",
"T020696",
"T022835",
"T023924",
"T020695",
"T023925",
"T021669",
"T018979",
"T027368",
"T027369",
"T027366",
"T027367",
"T027364",
"T027365",
"T027373",
"T027374",
"T027371",
"T027372",
"T027370",
"T023927",
"T023928",
"T022844",
"T022840",
"T022841",
"T024988",
"T025878",
"T021673",
"T027377",
"T027378",
"T021671",
"T027375",
"T021670",
"T027376",
"T027349",
"T024990"
],
"last_affected": [
"T027348"
]
},
"release_date": "2023-04-18T22:00:00.000+00:00",
"title": "CVE-2021-43859"
},
{
"cve": "CVE-2021-41184",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T027359",
"T027358",
"T027353",
"T027354",
"T027362",
"T027363",
"T027360",
"T027361",
"T020698",
"T022833",
"T022834",
"T023923",
"T020696",
"T022835",
"T023924",
"T020695",
"T023925",
"T021669",
"T018979",
"T027368",
"T027369",
"T027366",
"T027367",
"T027364",
"T027365",
"T027373",
"T027374",
"T027371",
"T027372",
"T027370",
"T023927",
"T023928",
"T022844",
"T022840",
"T022841",
"T024988",
"T025878",
"T021673",
"T027377",
"T027378",
"T021671",
"T027375",
"T021670",
"T027376",
"T027349",
"T024990"
],
"last_affected": [
"T027348"
]
},
"release_date": "2023-04-18T22:00:00.000+00:00",
"title": "CVE-2021-41184"
},
{
"cve": "CVE-2021-36090",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T027359",
"T027358",
"T027353",
"T027354",
"T027362",
"T027363",
"T027360",
"T027361",
"T020698",
"T022833",
"T022834",
"T023923",
"T020696",
"T022835",
"T023924",
"T020695",
"T023925",
"T021669",
"T018979",
"T027368",
"T027369",
"T027366",
"T027367",
"T027364",
"T027365",
"T027373",
"T027374",
"T027371",
"T027372",
"T027370",
"T023927",
"T023928",
"T022844",
"T022840",
"T022841",
"T024988",
"T025878",
"T021673",
"T027377",
"T027378",
"T021671",
"T027375",
"T021670",
"T027376",
"T027349",
"T024990"
],
"last_affected": [
"T027348"
]
},
"release_date": "2023-04-18T22:00:00.000+00:00",
"title": "CVE-2021-36090"
},
{
"cve": "CVE-2021-29425",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T027359",
"T027358",
"T027353",
"T027354",
"T027362",
"T027363",
"T027360",
"T027361",
"T020698",
"T022833",
"T022834",
"T023923",
"T020696",
"T022835",
"T023924",
"T020695",
"T023925",
"T021669",
"T018979",
"T027368",
"T027369",
"T027366",
"T027367",
"T027364",
"T027365",
"T027373",
"T027374",
"T027371",
"T027372",
"T027370",
"T023927",
"T023928",
"T022844",
"T022840",
"T022841",
"T024988",
"T025878",
"T021673",
"T027377",
"T027378",
"T021671",
"T027375",
"T021670",
"T027376",
"T027349",
"T024990"
],
"last_affected": [
"T027348"
]
},
"release_date": "2023-04-18T22:00:00.000+00:00",
"title": "CVE-2021-29425"
},
{
"cve": "CVE-2020-11988",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T027359",
"T027358",
"T027353",
"T027354",
"T027362",
"T027363",
"T027360",
"T027361",
"T020698",
"T022833",
"T022834",
"T023923",
"T020696",
"T022835",
"T023924",
"T020695",
"T023925",
"T021669",
"T018979",
"T027368",
"T027369",
"T027366",
"T027367",
"T027364",
"T027365",
"T027373",
"T027374",
"T027371",
"T027372",
"T027370",
"T023927",
"T023928",
"T022844",
"T022840",
"T022841",
"T024988",
"T025878",
"T021673",
"T027377",
"T027378",
"T021671",
"T027375",
"T021670",
"T027376",
"T027349",
"T024990"
],
"last_affected": [
"T027348"
]
},
"release_date": "2023-04-18T22:00:00.000+00:00",
"title": "CVE-2020-11988"
},
{
"cve": "CVE-2019-12415",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T027352",
"T027350",
"T027359",
"T027358",
"T027353",
"T027354",
"T027362",
"T027363",
"T027360",
"T027361",
"T020698",
"T022833",
"T022834",
"T023923",
"T020696",
"T022835",
"T023924",
"T020695",
"T023925",
"T021669",
"T018979",
"T027368",
"T027369",
"T027366",
"T027367",
"T027364",
"T027365",
"T027373",
"T027374",
"T027371",
"T027372",
"T027370",
"T023927",
"T023928",
"T022844",
"T022840",
"T022841",
"T024988",
"T025878",
"T021673",
"T027377",
"T027378",
"T021671",
"T027375",
"T021670",
"T027376",
"T027349",
"T024990"
],
"last_affected": [
"T027348"
]
},
"release_date": "2023-04-18T22:00:00.000+00:00",
"title": "CVE-2019-12415"
}
]
}
WID-SEC-W-2023-2309
Vulnerability from csaf_certbund - Published: 2023-09-11 22:00 - Updated: 2023-09-11 22:00Summary
SAP Patchday September 2023
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
SAP stellt unternehmensweite Lösungen für Geschäftsprozesse wie Buchführung, Vertrieb, Einkauf und Lagerhaltung zur Verfügung.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in SAP Software ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
- Sonstiges
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "SAP stellt unternehmensweite L\u00f6sungen f\u00fcr Gesch\u00e4ftsprozesse wie Buchf\u00fchrung, Vertrieb, Einkauf und Lagerhaltung zur Verf\u00fcgung.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in SAP Software ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- Windows\n- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2309 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2309.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2309 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2309"
},
{
"category": "external",
"summary": "SAP Patchday September 2023 vom 2023-09-12",
"url": "https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a\u0026rc=10"
}
],
"source_lang": "en-US",
"title": "SAP Patchday September 2023",
"tracking": {
"current_release_date": "2023-09-11T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:58:15.189+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-2309",
"initial_release_date": "2023-09-11T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-09-11T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "SAP Software",
"product": {
"name": "SAP Software",
"product_id": "T016476",
"product_identification_helper": {
"cpe": "cpe:/a:sap:sap:-"
}
}
}
],
"category": "vendor",
"name": "SAP"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-42472",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2023-42472"
},
{
"cve": "CVE-2023-41369",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2023-41369"
},
{
"cve": "CVE-2023-41368",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2023-41368"
},
{
"cve": "CVE-2023-41367",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2023-41367"
},
{
"cve": "CVE-2023-40625",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2023-40625"
},
{
"cve": "CVE-2023-40624",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2023-40624"
},
{
"cve": "CVE-2023-40623",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2023-40623"
},
{
"cve": "CVE-2023-40622",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2023-40622"
},
{
"cve": "CVE-2023-40621",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2023-40621"
},
{
"cve": "CVE-2023-40309",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2023-40309"
},
{
"cve": "CVE-2023-40308",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2023-40308"
},
{
"cve": "CVE-2023-40306",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2023-40306"
},
{
"cve": "CVE-2023-37489",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2023-37489"
},
{
"cve": "CVE-2023-25616",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2023-25616"
},
{
"cve": "CVE-2023-24998",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2023-24998"
},
{
"cve": "CVE-2022-41272",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2022-41272"
},
{
"cve": "CVE-2021-41184",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2021-41184"
},
{
"cve": "CVE-2021-41183",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2021-41183"
},
{
"cve": "CVE-2021-41182",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2021-41182"
}
]
}
WID-SEC-W-2023-2229
Vulnerability from csaf_certbund - Published: 2023-08-30 22:00 - Updated: 2025-11-18 23:00Summary
Splunk Splunk Enterprise: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Splunk Enterprise ermöglicht Monitoring und Analyse von Clickstream-Daten und Kundentransaktionen.
Angriff
Ein entfernter, authentifizierter Angreifer kann mehrere Schwachstellen in Splunk Splunk Enterprise ausnutzen, um beliebigen Code auszuführen, einen 'Denial of Service'-Zustand zu verursachen, seine Privilegien zu erweitern und weitere, nicht spezifizierte Auswirkungen zu verursachen.
Betroffene Betriebssysteme
- Linux
- MacOS X
- Windows
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Splunk Enterprise erm\u00f6glicht Monitoring und Analyse von Clickstream-Daten und Kundentransaktionen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, authentifizierter Angreifer kann mehrere Schwachstellen in Splunk Splunk Enterprise ausnutzen, um beliebigen Code auszuf\u00fchren, einen \u0027Denial of Service\u0027-Zustand zu verursachen, seine Privilegien zu erweitern und weitere, nicht spezifizierte Auswirkungen zu verursachen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- MacOS X\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2229 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2229.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2229 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2229"
},
{
"category": "external",
"summary": "Splunk Security Advisory vom 2023-08-30",
"url": "https://advisory.splunk.com//advisories/SVD-2023-0801"
},
{
"category": "external",
"summary": "Splunk Security Advisory vom 2023-08-30",
"url": "https://advisory.splunk.com//advisories/SVD-2023-0802"
},
{
"category": "external",
"summary": "Splunk Security Advisory vom 2023-08-30",
"url": "https://advisory.splunk.com//advisories/SVD-2023-0803"
},
{
"category": "external",
"summary": "Splunk Security Advisory vom 2023-08-30",
"url": "https://advisory.splunk.com//advisories/SVD-2023-0804"
},
{
"category": "external",
"summary": "Splunk Security Advisory vom 2023-08-30",
"url": "https://advisory.splunk.com//advisories/SVD-2023-0805"
},
{
"category": "external",
"summary": "Splunk Security Advisory vom 2023-08-30",
"url": "https://advisory.splunk.com//advisories/SVD-2023-0806"
},
{
"category": "external",
"summary": "Splunk Security Advisory vom 2023-08-30",
"url": "https://advisory.splunk.com//advisories/SVD-2023-0807"
},
{
"category": "external",
"summary": "Splunk Security Advisory vom 2023-08-30",
"url": "https://advisory.splunk.com//advisories/SVD-2023-0808"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0196-1 vom 2024-01-23",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-January/017743.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-2988 vom 2024-05-28",
"url": "https://linux.oracle.com/errata/ELSA-2024-2988.html"
},
{
"category": "external",
"summary": "Splunk Security Advisory SVD-2024-0718 vom 2024-07-02",
"url": "https://advisory.splunk.com/advisories/SVD-2024-0718"
},
{
"category": "external",
"summary": "Splunk Security Advisory SVD-2024-0801 vom 2024-08-12",
"url": "https://advisory.splunk.com//advisories/SVD-2024-0801"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03545-1 vom 2025-10-13",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UB7MGNRMXC5LO5Y66FLOE354VVU5ULQK/"
},
{
"category": "external",
"summary": "Atlassian Security Bulletin - November 18 2025",
"url": "https://confluence.atlassian.com/security/security-bulletin-november-18-2025-1671463469.html"
}
],
"source_lang": "en-US",
"title": "Splunk Splunk Enterprise: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-11-18T23:00:00.000+00:00",
"generator": {
"date": "2025-11-19T09:42:41.445+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2023-2229",
"initial_release_date": "2023-08-30T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-08-30T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-01-23T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-05-28T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-07-01T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Splunk-SVD aufgenommen"
},
{
"date": "2024-08-12T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Splunk-SVD aufgenommen"
},
{
"date": "2025-10-12T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-11-18T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates aufgenommen"
}
],
"status": "final",
"version": "7"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.1.1",
"product": {
"name": "Atlassian Confluence \u003c10.1.1",
"product_id": "T048680"
}
},
{
"category": "product_version",
"name": "10.1.1",
"product": {
"name": "Atlassian Confluence 10.1.1",
"product_id": "T048680-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:10.1.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.0.2",
"product": {
"name": "Atlassian Confluence \u003c10.0.2",
"product_id": "T048685"
}
},
{
"category": "product_version",
"name": "10.0.2",
"product": {
"name": "Atlassian Confluence 10.0.2",
"product_id": "T048685-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:10.0.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.2.7",
"product": {
"name": "Atlassian Confluence \u003c9.2.7",
"product_id": "T048686"
}
},
{
"category": "product_version",
"name": "9.2.7",
"product": {
"name": "Atlassian Confluence 9.2.7",
"product_id": "T048686-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:9.2.7"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.5.25",
"product": {
"name": "Atlassian Confluence \u003c8.5.25",
"product_id": "T048687"
}
},
{
"category": "product_version",
"name": "8.5.25",
"product": {
"name": "Atlassian Confluence 8.5.25",
"product_id": "T048687-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:8.5.25"
}
}
}
],
"category": "product_name",
"name": "Confluence"
}
],
"category": "vendor",
"name": "Atlassian"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Splunk Splunk Enterprise",
"product": {
"name": "Splunk Splunk Enterprise",
"product_id": "T008911",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:-"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.1.1",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.1.1",
"product_id": "T029634"
}
},
{
"category": "product_version",
"name": "9.1.1",
"product": {
"name": "Splunk Splunk Enterprise 9.1.1",
"product_id": "T029634-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.1.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.0.6",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.0.6",
"product_id": "T029635"
}
},
{
"category": "product_version",
"name": "9.0.6",
"product": {
"name": "Splunk Splunk Enterprise 9.0.6",
"product_id": "T029635-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.0.6"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.2.12",
"product": {
"name": "Splunk Splunk Enterprise \u003c8.2.12",
"product_id": "T029636"
}
},
{
"category": "product_version",
"name": "8.2.12",
"product": {
"name": "Splunk Splunk Enterprise 8.2.12",
"product_id": "T029636-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:8.2.12"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.2.1",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.2.1",
"product_id": "T033705"
}
},
{
"category": "product_version",
"name": "9.2.1",
"product": {
"name": "Splunk Splunk Enterprise 9.2.1",
"product_id": "T033705-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.2.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.1.4",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.1.4",
"product_id": "T033718"
}
},
{
"category": "product_version",
"name": "9.1.4",
"product": {
"name": "Splunk Splunk Enterprise 9.1.4",
"product_id": "T033718-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.1.4"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.0.9",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.0.9",
"product_id": "T033720"
}
},
{
"category": "product_version",
"name": "9.0.9",
"product": {
"name": "Splunk Splunk Enterprise 9.0.9",
"product_id": "T033720-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.0.9"
}
}
}
],
"category": "product_name",
"name": "Splunk Enterprise"
}
],
"category": "vendor",
"name": "Splunk"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2013-7489",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2013-7489"
},
{
"cve": "CVE-2018-10237",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2018-10237"
},
{
"cve": "CVE-2018-20225",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2018-20225"
},
{
"cve": "CVE-2019-20454",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2019-20454"
},
{
"cve": "CVE-2019-20838",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2019-20838"
},
{
"cve": "CVE-2020-14155",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2020-14155"
},
{
"cve": "CVE-2020-28469",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2020-28469"
},
{
"cve": "CVE-2020-28851",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2020-28851"
},
{
"cve": "CVE-2020-29652",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2020-29652"
},
{
"cve": "CVE-2020-8169",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2020-8169"
},
{
"cve": "CVE-2020-8177",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2020-8177"
},
{
"cve": "CVE-2020-8231",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2020-8231"
},
{
"cve": "CVE-2020-8284",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2020-8284"
},
{
"cve": "CVE-2020-8285",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2020-8285"
},
{
"cve": "CVE-2020-8286",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2020-8286"
},
{
"cve": "CVE-2020-8908",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2020-8908"
},
{
"cve": "CVE-2021-20066",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-20066"
},
{
"cve": "CVE-2021-22569",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-22569"
},
{
"cve": "CVE-2021-22876",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-22876"
},
{
"cve": "CVE-2021-22890",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-22890"
},
{
"cve": "CVE-2021-22897",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-22897"
},
{
"cve": "CVE-2021-22898",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-22898"
},
{
"cve": "CVE-2021-22901",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-22901"
},
{
"cve": "CVE-2021-22922",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-22922"
},
{
"cve": "CVE-2021-22923",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-22923"
},
{
"cve": "CVE-2021-22924",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-22924"
},
{
"cve": "CVE-2021-22925",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-22925"
},
{
"cve": "CVE-2021-22926",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-22926"
},
{
"cve": "CVE-2021-22945",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-22945"
},
{
"cve": "CVE-2021-22946",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-22946"
},
{
"cve": "CVE-2021-22947",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-22947"
},
{
"cve": "CVE-2021-23343",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-23343"
},
{
"cve": "CVE-2021-23382",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-23382"
},
{
"cve": "CVE-2021-27918",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-27918"
},
{
"cve": "CVE-2021-27919",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-27919"
},
{
"cve": "CVE-2021-29060",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-29060"
},
{
"cve": "CVE-2021-29425",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-29425"
},
{
"cve": "CVE-2021-29923",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-29923"
},
{
"cve": "CVE-2021-31525",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-31525"
},
{
"cve": "CVE-2021-31566",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-31566"
},
{
"cve": "CVE-2021-33194",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-33194"
},
{
"cve": "CVE-2021-33195",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-33195"
},
{
"cve": "CVE-2021-33196",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-33196"
},
{
"cve": "CVE-2021-33197",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-33197"
},
{
"cve": "CVE-2021-33198",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-33198"
},
{
"cve": "CVE-2021-34558",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-34558"
},
{
"cve": "CVE-2021-3520",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-3520"
},
{
"cve": "CVE-2021-3572",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-3572"
},
{
"cve": "CVE-2021-36221",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-36221"
},
{
"cve": "CVE-2021-36976",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-36976"
},
{
"cve": "CVE-2021-3803",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-3803"
},
{
"cve": "CVE-2021-38297",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-38297"
},
{
"cve": "CVE-2021-38561",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-38561"
},
{
"cve": "CVE-2021-39293",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-39293"
},
{
"cve": "CVE-2021-41182",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-41182"
},
{
"cve": "CVE-2021-41183",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-41183"
},
{
"cve": "CVE-2021-41184",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-41184"
},
{
"cve": "CVE-2021-41771",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-41771"
},
{
"cve": "CVE-2021-41772",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-41772"
},
{
"cve": "CVE-2021-43565",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-43565"
},
{
"cve": "CVE-2021-44716",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-44716"
},
{
"cve": "CVE-2021-44717",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-44717"
},
{
"cve": "CVE-2022-1705",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-1705"
},
{
"cve": "CVE-2022-1941",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-1941"
},
{
"cve": "CVE-2022-1962",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-1962"
},
{
"cve": "CVE-2022-22576",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-22576"
},
{
"cve": "CVE-2022-2309",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-2309"
},
{
"cve": "CVE-2022-23491",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-23491"
},
{
"cve": "CVE-2022-23772",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-23772"
},
{
"cve": "CVE-2022-23773",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-23773"
},
{
"cve": "CVE-2022-23806",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-23806"
},
{
"cve": "CVE-2022-24675",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-24675"
},
{
"cve": "CVE-2022-24921",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-24921"
},
{
"cve": "CVE-2022-24999",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-24999"
},
{
"cve": "CVE-2022-25881",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-25881"
},
{
"cve": "CVE-2022-27191",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-27191"
},
{
"cve": "CVE-2022-27536",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-27536"
},
{
"cve": "CVE-2022-27664",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-27664"
},
{
"cve": "CVE-2022-27774",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-27774"
},
{
"cve": "CVE-2022-27775",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-27775"
},
{
"cve": "CVE-2022-27776",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-27776"
},
{
"cve": "CVE-2022-27778",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-27778"
},
{
"cve": "CVE-2022-27779",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-27779"
},
{
"cve": "CVE-2022-27780",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-27780"
},
{
"cve": "CVE-2022-27781",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-27781"
},
{
"cve": "CVE-2022-27782",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-27782"
},
{
"cve": "CVE-2022-28131",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-28131"
},
{
"cve": "CVE-2022-28327",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-28327"
},
{
"cve": "CVE-2022-2879",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-2879"
},
{
"cve": "CVE-2022-2880",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-2880"
},
{
"cve": "CVE-2022-29526",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-29526"
},
{
"cve": "CVE-2022-29804",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-29804"
},
{
"cve": "CVE-2022-30115",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-30115"
},
{
"cve": "CVE-2022-30580",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-30580"
},
{
"cve": "CVE-2022-30629",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-30629"
},
{
"cve": "CVE-2022-30630",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-30630"
},
{
"cve": "CVE-2022-30631",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-30631"
},
{
"cve": "CVE-2022-30632",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-30632"
},
{
"cve": "CVE-2022-30633",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-30633"
},
{
"cve": "CVE-2022-30634",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-30634"
},
{
"cve": "CVE-2022-30635",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-30635"
},
{
"cve": "CVE-2022-31129",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-31129"
},
{
"cve": "CVE-2022-3171",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-3171"
},
{
"cve": "CVE-2022-32148",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-32148"
},
{
"cve": "CVE-2022-32149",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-32149"
},
{
"cve": "CVE-2022-32189",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-32189"
},
{
"cve": "CVE-2022-32205",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-32205"
},
{
"cve": "CVE-2022-32206",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-32206"
},
{
"cve": "CVE-2022-32207",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-32207"
},
{
"cve": "CVE-2022-32208",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-32208"
},
{
"cve": "CVE-2022-32221",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-32221"
},
{
"cve": "CVE-2022-33987",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-33987"
},
{
"cve": "CVE-2022-3509",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-3509"
},
{
"cve": "CVE-2022-3510",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-3510"
},
{
"cve": "CVE-2022-3517",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-3517"
},
{
"cve": "CVE-2022-35252",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-35252"
},
{
"cve": "CVE-2022-35260",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-35260"
},
{
"cve": "CVE-2022-35737",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-35737"
},
{
"cve": "CVE-2022-36227",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-36227"
},
{
"cve": "CVE-2022-37599",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-37599"
},
{
"cve": "CVE-2022-37601",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-37601"
},
{
"cve": "CVE-2022-37603",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-37603"
},
{
"cve": "CVE-2022-38900",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-38900"
},
{
"cve": "CVE-2022-40023",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-40023"
},
{
"cve": "CVE-2022-40897",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-40897"
},
{
"cve": "CVE-2022-40899",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-40899"
},
{
"cve": "CVE-2022-41715",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-41715"
},
{
"cve": "CVE-2022-41716",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-41716"
},
{
"cve": "CVE-2022-41720",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-41720"
},
{
"cve": "CVE-2022-41722",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-41722"
},
{
"cve": "CVE-2022-42003",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-42003"
},
{
"cve": "CVE-2022-42004",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-42004"
},
{
"cve": "CVE-2022-42915",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-42915"
},
{
"cve": "CVE-2022-42916",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-42916"
},
{
"cve": "CVE-2022-43551",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-43551"
},
{
"cve": "CVE-2022-43552",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-43552"
},
{
"cve": "CVE-2022-46175",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-46175"
},
{
"cve": "CVE-2023-23914",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-23914"
},
{
"cve": "CVE-2023-23915",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-23915"
},
{
"cve": "CVE-2023-23916",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-23916"
},
{
"cve": "CVE-2023-24539",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-24539"
},
{
"cve": "CVE-2023-24540",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-24540"
},
{
"cve": "CVE-2023-27533",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-27533"
},
{
"cve": "CVE-2023-27534",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-27534"
},
{
"cve": "CVE-2023-27535",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-27535"
},
{
"cve": "CVE-2023-27536",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-27536"
},
{
"cve": "CVE-2023-27537",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-27537"
},
{
"cve": "CVE-2023-27538",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-27538"
},
{
"cve": "CVE-2023-29400",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-29400"
},
{
"cve": "CVE-2023-29402",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-29402"
},
{
"cve": "CVE-2023-29403",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-29403"
},
{
"cve": "CVE-2023-29404",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-29404"
},
{
"cve": "CVE-2023-29405",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-29405"
},
{
"cve": "CVE-2023-40592",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-40592"
},
{
"cve": "CVE-2023-40593",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-40593"
},
{
"cve": "CVE-2023-40594",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-40594"
},
{
"cve": "CVE-2023-40595",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-40595"
},
{
"cve": "CVE-2023-40596",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-40596"
},
{
"cve": "CVE-2023-40597",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-40597"
},
{
"cve": "CVE-2023-40598",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-40598"
}
]
}
WID-SEC-W-2022-0169
Vulnerability from csaf_certbund - Published: 2022-04-19 22:00 - Updated: 2024-05-28 22:00Summary
Oracle MySQL: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
MySQL ist ein Open Source Datenbankserver von Oracle.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle MySQL ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- Linux
- MacOS X
- NetApp Appliance
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "MySQL ist ein Open Source Datenbankserver von Oracle.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle MySQL ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- MacOS X\n- NetApp Appliance\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-0169 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0169.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-0169 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0169"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5490-1 vom 2022-06-21",
"url": "https://ubuntu.com/security/notices/USN-5490-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:2003-1 vom 2022-06-07",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-June/011247.html"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update April 2022 - Appendix Oracle MySQL vom 2022-04-19",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html#AppendixMSQL"
},
{
"category": "external",
"summary": "NetApp Security Advisory NTAP-20220429-0005 vom 2022-04-29",
"url": "https://security.netapp.com/advisory/ntap-20220429-0005/"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5400-1 vom 2022-05-03",
"url": "https://ubuntu.com/security/notices/USN-5400-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5400-2 vom 2022-05-04",
"url": "https://ubuntu.com/security/notices/USN-5400-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5400-3 vom 2022-05-05",
"url": "https://ubuntu.com/security/notices/USN-5400-3"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2022-098 vom 2022-07-21",
"url": "https://alas.aws.amazon.com/AL2022/ALAS-2022-098.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6306 vom 2022-09-01",
"url": "https://access.redhat.com/errata/RHSA-2022:6306"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6518 vom 2022-09-14",
"url": "https://access.redhat.com/errata/RHSA-2022:6518"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6590 vom 2022-09-21",
"url": "https://access.redhat.com/errata/RHSA-2022:6590"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-6590 vom 2022-09-22",
"url": "https://linux.oracle.com/errata/ELSA-2022-6590.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:1040-3 vom 2022-10-06",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-October/012505.html"
},
{
"category": "external",
"summary": "Juniper Security Bulletin",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-22-2R1-release"
},
{
"category": "external",
"summary": "Oracle Linux Bulletin-October 2022 vom 2022-10-18",
"url": "https://www.oracle.com/security-alerts/linuxbulletinoct2022.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7119 vom 2022-10-25",
"url": "https://access.redhat.com/errata/RHSA-2022:7119"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-7119 vom 2022-10-27",
"url": "https://linux.oracle.com/errata/ELSA-2022-7119.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2022-165 vom 2022-11-04",
"url": "https://alas.aws.amazon.com/AL2022/ALAS-2022-165.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7464 vom 2022-11-08",
"url": "https://access.redhat.com/errata/RHSA-2022:7464"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7970 vom 2022-11-15",
"url": "https://access.redhat.com/errata/RHSA-2022:7970"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-7970 vom 2022-11-22",
"url": "https://linux.oracle.com/errata/ELSA-2022-7970.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8860 vom 2022-12-08",
"url": "https://access.redhat.com/errata/RHSA-2022:8860"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8847 vom 2022-12-08",
"url": "https://access.redhat.com/errata/RHSA-2022:8847"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8893 vom 2022-12-15",
"url": "https://access.redhat.com/errata/RHSA-2022:8893"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2023-1931 vom 2023-02-06",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2023-1931.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2023-1676 vom 2023-02-06",
"url": "https://alas.aws.amazon.com/ALAS-2023-1676.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2023-1948 vom 2023-02-22",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2023-1948.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3433 vom 2024-05-28",
"url": "https://access.redhat.com/errata/RHSA-2024:3433"
}
],
"source_lang": "en-US",
"title": "Oracle MySQL: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-05-28T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:27:04.345+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2022-0169",
"initial_release_date": "2022-04-19T22:00:00.000+00:00",
"revision_history": [
{
"date": "2022-04-19T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2022-05-01T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von NetApp aufgenommen"
},
{
"date": "2022-05-03T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2022-05-04T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2022-05-05T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2022-06-07T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2022-06-21T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2022-07-20T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2022-09-01T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-09-14T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-09-20T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-09-21T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2022-10-06T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2022-10-12T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2022-10-18T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2022-10-25T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-10-26T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2022-11-06T23:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2022-11-08T23:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-11-15T23:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-11-21T23:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2022-12-07T23:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-12-15T23:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-02-06T23:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2023-02-22T23:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-05-28T22:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "26"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c22.2R1",
"product": {
"name": "Juniper Junos Space \u003c22.2R1",
"product_id": "T003343"
}
}
],
"category": "product_name",
"name": "Junos Space"
}
],
"category": "vendor",
"name": "Juniper"
},
{
"branches": [
{
"category": "product_name",
"name": "NetApp ActiveIQ Unified Manager",
"product": {
"name": "NetApp ActiveIQ Unified Manager",
"product_id": "T016960",
"product_identification_helper": {
"cpe": "cpe:/a:netapp:active_iq_unified_manager:-"
}
}
}
],
"category": "vendor",
"name": "NetApp"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=8.0.29",
"product": {
"name": "Oracle MySQL \u003c=8.0.29",
"product_id": "T022871"
}
},
{
"category": "product_version_range",
"name": "\u003c=8.0.28",
"product": {
"name": "Oracle MySQL \u003c=8.0.28",
"product_id": "T022872"
}
},
{
"category": "product_version_range",
"name": "\u003c=5.7.37",
"product": {
"name": "Oracle MySQL \u003c=5.7.37",
"product_id": "T022873"
}
},
{
"category": "product_version_range",
"name": "\u003c=7.4.35",
"product": {
"name": "Oracle MySQL \u003c=7.4.35",
"product_id": "T022874"
}
},
{
"category": "product_version_range",
"name": "\u003c=7.5.25",
"product": {
"name": "Oracle MySQL \u003c=7.5.25",
"product_id": "T022875"
}
},
{
"category": "product_version_range",
"name": "\u003c=7.6.21",
"product": {
"name": "Oracle MySQL \u003c=7.6.21",
"product_id": "T022876"
}
}
],
"category": "product_name",
"name": "MySQL"
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenShift",
"product": {
"name": "Red Hat OpenShift",
"product_id": "367115",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-22570",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2021-22570"
},
{
"cve": "CVE-2021-41184",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2021-41184"
},
{
"cve": "CVE-2021-42340",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2021-42340"
},
{
"cve": "CVE-2021-44832",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2021-44832"
},
{
"cve": "CVE-2022-0778",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-0778"
},
{
"cve": "CVE-2022-21412",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21412"
},
{
"cve": "CVE-2022-21413",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21413"
},
{
"cve": "CVE-2022-21414",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21414"
},
{
"cve": "CVE-2022-21415",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21415"
},
{
"cve": "CVE-2022-21417",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21417"
},
{
"cve": "CVE-2022-21418",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21418"
},
{
"cve": "CVE-2022-21423",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21423"
},
{
"cve": "CVE-2022-21425",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21425"
},
{
"cve": "CVE-2022-21427",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21427"
},
{
"cve": "CVE-2022-21435",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21435"
},
{
"cve": "CVE-2022-21436",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21436"
},
{
"cve": "CVE-2022-21437",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21437"
},
{
"cve": "CVE-2022-21438",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21438"
},
{
"cve": "CVE-2022-21440",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21440"
},
{
"cve": "CVE-2022-21444",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21444"
},
{
"cve": "CVE-2022-21451",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21451"
},
{
"cve": "CVE-2022-21452",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21452"
},
{
"cve": "CVE-2022-21454",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21454"
},
{
"cve": "CVE-2022-21457",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21457"
},
{
"cve": "CVE-2022-21459",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21459"
},
{
"cve": "CVE-2022-21460",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21460"
},
{
"cve": "CVE-2022-21462",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21462"
},
{
"cve": "CVE-2022-21478",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21478"
},
{
"cve": "CVE-2022-21479",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21479"
},
{
"cve": "CVE-2022-21482",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21482"
},
{
"cve": "CVE-2022-21483",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21483"
},
{
"cve": "CVE-2022-21484",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21484"
},
{
"cve": "CVE-2022-21485",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21485"
},
{
"cve": "CVE-2022-21486",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21486"
},
{
"cve": "CVE-2022-21489",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21489"
},
{
"cve": "CVE-2022-21490",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21490"
},
{
"cve": "CVE-2022-22965",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-22965"
},
{
"cve": "CVE-2022-23181",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-23181"
},
{
"cve": "CVE-2022-23305",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-23305"
}
]
}
WID-SEC-W-2023-1027
Vulnerability from csaf_certbund - Published: 2023-04-18 22:00 - Updated: 2023-04-18 22:00Summary
Oracle Utilities Applications: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Oracle Utilities Applications ist eine Produktfamilie mit branchenspezifischen Lösungen für Ver- und Entsorger.
Angriff
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Utilities Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Oracle Utilities Applications ist eine Produktfamilie mit branchenspezifischen L\u00f6sungen f\u00fcr Ver- und Entsorger.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Utilities Applications ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-1027 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1027.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-1027 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1027"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - April 2023 - Appendix Oracle Utilities Applications vom 2023-04-18",
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html#AppendixUTIL"
}
],
"source_lang": "en-US",
"title": "Oracle Utilities Applications: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-04-18T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:49:30.495+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-1027",
"initial_release_date": "2023-04-18T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-04-18T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Oracle Utilities Applications 4.2.0.3.0",
"product": {
"name": "Oracle Utilities Applications 4.2.0.3.0",
"product_id": "T027423",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:utilities:4.2.0.3.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Utilities Applications \u003c= 4.3.0.6.0",
"product": {
"name": "Oracle Utilities Applications \u003c= 4.3.0.6.0",
"product_id": "T027424",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:utilities:4.3.0.6.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Utilities Applications 4.4.0.0.0",
"product": {
"name": "Oracle Utilities Applications 4.4.0.0.0",
"product_id": "T027425",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:utilities:4.4.0.0.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Utilities Applications 4.4.0.2.0",
"product": {
"name": "Oracle Utilities Applications 4.4.0.2.0",
"product_id": "T027426",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:utilities:4.4.0.2.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Utilities Applications 4.4.0.3.0",
"product": {
"name": "Oracle Utilities Applications 4.4.0.3.0",
"product_id": "T027427",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:utilities:4.4.0.3.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Utilities Applications 4.5.0.0.0",
"product": {
"name": "Oracle Utilities Applications 4.5.0.0.0",
"product_id": "T027428",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:utilities:4.5.0.0.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Utilities Applications 2.3.0.2",
"product": {
"name": "Oracle Utilities Applications 2.3.0.2",
"product_id": "T027429",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:utilities:2.3.0.2"
}
}
},
{
"category": "product_name",
"name": "Oracle Utilities Applications 2.4.0.1",
"product": {
"name": "Oracle Utilities Applications 2.4.0.1",
"product_id": "T027430",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:utilities:2.4.0.1"
}
}
},
{
"category": "product_name",
"name": "Oracle Utilities Applications 2.5.0.0",
"product": {
"name": "Oracle Utilities Applications 2.5.0.0",
"product_id": "T027431",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:utilities:2.5.0.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Utilities Applications 2.5.0.1",
"product": {
"name": "Oracle Utilities Applications 2.5.0.1",
"product_id": "T027432",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:utilities:2.5.0.1"
}
}
}
],
"category": "product_name",
"name": "Utilities Applications"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-41966",
"notes": [
{
"category": "description",
"text": "In Oracle Utilities Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027429",
"T027427",
"T027428",
"T027425",
"T027426",
"T027423",
"T027432",
"T027430",
"T027431"
],
"last_affected": [
"T027424"
]
},
"release_date": "2023-04-18T22:00:00.000+00:00",
"title": "CVE-2022-41966"
},
{
"cve": "CVE-2022-23305",
"notes": [
{
"category": "description",
"text": "In Oracle Utilities Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027429",
"T027427",
"T027428",
"T027425",
"T027426",
"T027423",
"T027432",
"T027430",
"T027431"
],
"last_affected": [
"T027424"
]
},
"release_date": "2023-04-18T22:00:00.000+00:00",
"title": "CVE-2022-23305"
},
{
"cve": "CVE-2021-41184",
"notes": [
{
"category": "description",
"text": "In Oracle Utilities Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027429",
"T027427",
"T027428",
"T027425",
"T027426",
"T027423",
"T027432",
"T027430",
"T027431"
],
"last_affected": [
"T027424"
]
},
"release_date": "2023-04-18T22:00:00.000+00:00",
"title": "CVE-2021-41184"
},
{
"cve": "CVE-2020-13936",
"notes": [
{
"category": "description",
"text": "In Oracle Utilities Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027429",
"T027427",
"T027428",
"T027425",
"T027426",
"T027423",
"T027432",
"T027430",
"T027431"
],
"last_affected": [
"T027424"
]
},
"release_date": "2023-04-18T22:00:00.000+00:00",
"title": "CVE-2020-13936"
}
]
}
WID-SEC-W-2023-2102
Vulnerability from csaf_certbund - Published: 2023-08-20 22:00 - Updated: 2023-08-20 22:00Summary
Moodle: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Moodle ist ein Software-Paket, um internetbasierte Kurse zu entwickeln und durchzuführen. Es ist ein globales Softwareentwicklungsprojekt, das einen konstruktivistischen Lehr- und Lernansatz unterstützt.
Angriff
Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Moodle ausnutzen, um Sicherheitsmechanismen zu umgehen, Informationen offenzulegen und SQL-Injection- oder Cross-Site-Scripting-Angriffe durchzuführen.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
- Sonstiges
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Moodle ist ein Software-Paket, um internetbasierte Kurse zu entwickeln und durchzuf\u00fchren. Es ist ein globales Softwareentwicklungsprojekt, das einen konstruktivistischen Lehr- und Lernansatz unterst\u00fctzt.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Moodle ausnutzen, um Sicherheitsmechanismen zu umgehen, Informationen offenzulegen und SQL-Injection- oder Cross-Site-Scripting-Angriffe durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- Windows\n- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2102 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2102.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2102 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2102"
},
{
"category": "external",
"summary": "Moodle Security Announcements vom 2023-08-21",
"url": "https://moodle.org/mod/forum/view.php?id=7128"
}
],
"source_lang": "en-US",
"title": "Moodle: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-08-20T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:57:15.936+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-2102",
"initial_release_date": "2023-08-20T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-08-20T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Open Source Moodle \u003c 4.2.2",
"product": {
"name": "Open Source Moodle \u003c 4.2.2",
"product_id": "T029425",
"product_identification_helper": {
"cpe": "cpe:/a:open_source:moodle:4.2.2"
}
}
},
{
"category": "product_name",
"name": "Open Source Moodle \u003c 4.1.5",
"product": {
"name": "Open Source Moodle \u003c 4.1.5",
"product_id": "T029426",
"product_identification_helper": {
"cpe": "cpe:/a:open_source:moodle:4.1.5"
}
}
},
{
"category": "product_name",
"name": "Open Source Moodle \u003c 4.0.10",
"product": {
"name": "Open Source Moodle \u003c 4.0.10",
"product_id": "T029427",
"product_identification_helper": {
"cpe": "cpe:/a:open_source:moodle:4.0.10"
}
}
},
{
"category": "product_name",
"name": "Open Source Moodle \u003c 3.11.16",
"product": {
"name": "Open Source Moodle \u003c 3.11.16",
"product_id": "T029428",
"product_identification_helper": {
"cpe": "cpe:/a:open_source:moodle:3.11.16"
}
}
},
{
"category": "product_name",
"name": "Open Source Moodle \u003c 3.9.23",
"product": {
"name": "Open Source Moodle \u003c 3.9.23",
"product_id": "T029429",
"product_identification_helper": {
"cpe": "cpe:/a:open_source:moodle:3.9.23"
}
}
}
],
"category": "product_name",
"name": "Moodle"
}
],
"category": "vendor",
"name": "Open Source"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-40325",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in verschiedenen Komponenten von Moodle sowie in den verwendeten Drittanbieter-Bibliotheken \"JQuery UI\" und \"phpCAS\". Diese Probleme werden u.a. durch eine falsche Logik f\u00fcr den Dom\u00e4nenabgleich, unzureichende Pr\u00fcfungen oder Einschr\u00e4nkungen, fehlende Eingabebereinigung und ein Problem mit offenen Weiterleitungen verursacht. Ein authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmechanismen zu umgehen, Informationen offenzulegen und SQL-Injection- oder Cross-Site-Scripting-Angriffe durchzuf\u00fchren."
}
],
"release_date": "2023-08-20T22:00:00.000+00:00",
"title": "CVE-2023-40325"
},
{
"cve": "CVE-2023-40324",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in verschiedenen Komponenten von Moodle sowie in den verwendeten Drittanbieter-Bibliotheken \"JQuery UI\" und \"phpCAS\". Diese Probleme werden u.a. durch eine falsche Logik f\u00fcr den Dom\u00e4nenabgleich, unzureichende Pr\u00fcfungen oder Einschr\u00e4nkungen, fehlende Eingabebereinigung und ein Problem mit offenen Weiterleitungen verursacht. Ein authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmechanismen zu umgehen, Informationen offenzulegen und SQL-Injection- oder Cross-Site-Scripting-Angriffe durchzuf\u00fchren."
}
],
"release_date": "2023-08-20T22:00:00.000+00:00",
"title": "CVE-2023-40324"
},
{
"cve": "CVE-2023-40323",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in verschiedenen Komponenten von Moodle sowie in den verwendeten Drittanbieter-Bibliotheken \"JQuery UI\" und \"phpCAS\". Diese Probleme werden u.a. durch eine falsche Logik f\u00fcr den Dom\u00e4nenabgleich, unzureichende Pr\u00fcfungen oder Einschr\u00e4nkungen, fehlende Eingabebereinigung und ein Problem mit offenen Weiterleitungen verursacht. Ein authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmechanismen zu umgehen, Informationen offenzulegen und SQL-Injection- oder Cross-Site-Scripting-Angriffe durchzuf\u00fchren."
}
],
"release_date": "2023-08-20T22:00:00.000+00:00",
"title": "CVE-2023-40323"
},
{
"cve": "CVE-2023-40322",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in verschiedenen Komponenten von Moodle sowie in den verwendeten Drittanbieter-Bibliotheken \"JQuery UI\" und \"phpCAS\". Diese Probleme werden u.a. durch eine falsche Logik f\u00fcr den Dom\u00e4nenabgleich, unzureichende Pr\u00fcfungen oder Einschr\u00e4nkungen, fehlende Eingabebereinigung und ein Problem mit offenen Weiterleitungen verursacht. Ein authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmechanismen zu umgehen, Informationen offenzulegen und SQL-Injection- oder Cross-Site-Scripting-Angriffe durchzuf\u00fchren."
}
],
"release_date": "2023-08-20T22:00:00.000+00:00",
"title": "CVE-2023-40322"
},
{
"cve": "CVE-2023-40321",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in verschiedenen Komponenten von Moodle sowie in den verwendeten Drittanbieter-Bibliotheken \"JQuery UI\" und \"phpCAS\". Diese Probleme werden u.a. durch eine falsche Logik f\u00fcr den Dom\u00e4nenabgleich, unzureichende Pr\u00fcfungen oder Einschr\u00e4nkungen, fehlende Eingabebereinigung und ein Problem mit offenen Weiterleitungen verursacht. Ein authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmechanismen zu umgehen, Informationen offenzulegen und SQL-Injection- oder Cross-Site-Scripting-Angriffe durchzuf\u00fchren."
}
],
"release_date": "2023-08-20T22:00:00.000+00:00",
"title": "CVE-2023-40321"
},
{
"cve": "CVE-2023-40320",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in verschiedenen Komponenten von Moodle sowie in den verwendeten Drittanbieter-Bibliotheken \"JQuery UI\" und \"phpCAS\". Diese Probleme werden u.a. durch eine falsche Logik f\u00fcr den Dom\u00e4nenabgleich, unzureichende Pr\u00fcfungen oder Einschr\u00e4nkungen, fehlende Eingabebereinigung und ein Problem mit offenen Weiterleitungen verursacht. Ein authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmechanismen zu umgehen, Informationen offenzulegen und SQL-Injection- oder Cross-Site-Scripting-Angriffe durchzuf\u00fchren."
}
],
"release_date": "2023-08-20T22:00:00.000+00:00",
"title": "CVE-2023-40320"
},
{
"cve": "CVE-2023-40319",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in verschiedenen Komponenten von Moodle sowie in den verwendeten Drittanbieter-Bibliotheken \"JQuery UI\" und \"phpCAS\". Diese Probleme werden u.a. durch eine falsche Logik f\u00fcr den Dom\u00e4nenabgleich, unzureichende Pr\u00fcfungen oder Einschr\u00e4nkungen, fehlende Eingabebereinigung und ein Problem mit offenen Weiterleitungen verursacht. Ein authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmechanismen zu umgehen, Informationen offenzulegen und SQL-Injection- oder Cross-Site-Scripting-Angriffe durchzuf\u00fchren."
}
],
"release_date": "2023-08-20T22:00:00.000+00:00",
"title": "CVE-2023-40319"
},
{
"cve": "CVE-2023-40318",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in verschiedenen Komponenten von Moodle sowie in den verwendeten Drittanbieter-Bibliotheken \"JQuery UI\" und \"phpCAS\". Diese Probleme werden u.a. durch eine falsche Logik f\u00fcr den Dom\u00e4nenabgleich, unzureichende Pr\u00fcfungen oder Einschr\u00e4nkungen, fehlende Eingabebereinigung und ein Problem mit offenen Weiterleitungen verursacht. Ein authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmechanismen zu umgehen, Informationen offenzulegen und SQL-Injection- oder Cross-Site-Scripting-Angriffe durchzuf\u00fchren."
}
],
"release_date": "2023-08-20T22:00:00.000+00:00",
"title": "CVE-2023-40318"
},
{
"cve": "CVE-2023-40317",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in verschiedenen Komponenten von Moodle sowie in den verwendeten Drittanbieter-Bibliotheken \"JQuery UI\" und \"phpCAS\". Diese Probleme werden u.a. durch eine falsche Logik f\u00fcr den Dom\u00e4nenabgleich, unzureichende Pr\u00fcfungen oder Einschr\u00e4nkungen, fehlende Eingabebereinigung und ein Problem mit offenen Weiterleitungen verursacht. Ein authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmechanismen zu umgehen, Informationen offenzulegen und SQL-Injection- oder Cross-Site-Scripting-Angriffe durchzuf\u00fchren."
}
],
"release_date": "2023-08-20T22:00:00.000+00:00",
"title": "CVE-2023-40317"
},
{
"cve": "CVE-2023-40316",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in verschiedenen Komponenten von Moodle sowie in den verwendeten Drittanbieter-Bibliotheken \"JQuery UI\" und \"phpCAS\". Diese Probleme werden u.a. durch eine falsche Logik f\u00fcr den Dom\u00e4nenabgleich, unzureichende Pr\u00fcfungen oder Einschr\u00e4nkungen, fehlende Eingabebereinigung und ein Problem mit offenen Weiterleitungen verursacht. Ein authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmechanismen zu umgehen, Informationen offenzulegen und SQL-Injection- oder Cross-Site-Scripting-Angriffe durchzuf\u00fchren."
}
],
"release_date": "2023-08-20T22:00:00.000+00:00",
"title": "CVE-2023-40316"
},
{
"cve": "CVE-2022-39369",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in verschiedenen Komponenten von Moodle sowie in den verwendeten Drittanbieter-Bibliotheken \"JQuery UI\" und \"phpCAS\". Diese Probleme werden u.a. durch eine falsche Logik f\u00fcr den Dom\u00e4nenabgleich, unzureichende Pr\u00fcfungen oder Einschr\u00e4nkungen, fehlende Eingabebereinigung und ein Problem mit offenen Weiterleitungen verursacht. Ein authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmechanismen zu umgehen, Informationen offenzulegen und SQL-Injection- oder Cross-Site-Scripting-Angriffe durchzuf\u00fchren."
}
],
"release_date": "2023-08-20T22:00:00.000+00:00",
"title": "CVE-2022-39369"
},
{
"cve": "CVE-2022-31160",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in verschiedenen Komponenten von Moodle sowie in den verwendeten Drittanbieter-Bibliotheken \"JQuery UI\" und \"phpCAS\". Diese Probleme werden u.a. durch eine falsche Logik f\u00fcr den Dom\u00e4nenabgleich, unzureichende Pr\u00fcfungen oder Einschr\u00e4nkungen, fehlende Eingabebereinigung und ein Problem mit offenen Weiterleitungen verursacht. Ein authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmechanismen zu umgehen, Informationen offenzulegen und SQL-Injection- oder Cross-Site-Scripting-Angriffe durchzuf\u00fchren."
}
],
"release_date": "2023-08-20T22:00:00.000+00:00",
"title": "CVE-2022-31160"
},
{
"cve": "CVE-2021-41184",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in verschiedenen Komponenten von Moodle sowie in den verwendeten Drittanbieter-Bibliotheken \"JQuery UI\" und \"phpCAS\". Diese Probleme werden u.a. durch eine falsche Logik f\u00fcr den Dom\u00e4nenabgleich, unzureichende Pr\u00fcfungen oder Einschr\u00e4nkungen, fehlende Eingabebereinigung und ein Problem mit offenen Weiterleitungen verursacht. Ein authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmechanismen zu umgehen, Informationen offenzulegen und SQL-Injection- oder Cross-Site-Scripting-Angriffe durchzuf\u00fchren."
}
],
"release_date": "2023-08-20T22:00:00.000+00:00",
"title": "CVE-2021-41184"
},
{
"cve": "CVE-2021-41183",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in verschiedenen Komponenten von Moodle sowie in den verwendeten Drittanbieter-Bibliotheken \"JQuery UI\" und \"phpCAS\". Diese Probleme werden u.a. durch eine falsche Logik f\u00fcr den Dom\u00e4nenabgleich, unzureichende Pr\u00fcfungen oder Einschr\u00e4nkungen, fehlende Eingabebereinigung und ein Problem mit offenen Weiterleitungen verursacht. Ein authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmechanismen zu umgehen, Informationen offenzulegen und SQL-Injection- oder Cross-Site-Scripting-Angriffe durchzuf\u00fchren."
}
],
"release_date": "2023-08-20T22:00:00.000+00:00",
"title": "CVE-2021-41183"
},
{
"cve": "CVE-2021-41182",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in verschiedenen Komponenten von Moodle sowie in den verwendeten Drittanbieter-Bibliotheken \"JQuery UI\" und \"phpCAS\". Diese Probleme werden u.a. durch eine falsche Logik f\u00fcr den Dom\u00e4nenabgleich, unzureichende Pr\u00fcfungen oder Einschr\u00e4nkungen, fehlende Eingabebereinigung und ein Problem mit offenen Weiterleitungen verursacht. Ein authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmechanismen zu umgehen, Informationen offenzulegen und SQL-Injection- oder Cross-Site-Scripting-Angriffe durchzuf\u00fchren."
}
],
"release_date": "2023-08-20T22:00:00.000+00:00",
"title": "CVE-2021-41182"
}
]
}
WID-SEC-W-2023-1015
Vulnerability from csaf_certbund - Published: 2023-04-18 22:00 - Updated: 2025-12-07 23:00Summary
Oracle Health Sciences Applications: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Health Sciences Applications ist eine Zusammenstellung von Produkten für die Pharma-, Biotechnologie-, Medizin- und Gesundheitsbranche.
Angriff
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Health Sciences Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- Linux
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Health Sciences Applications ist eine Zusammenstellung von Produkten f\u00fcr die Pharma-, Biotechnologie-, Medizin- und Gesundheitsbranche.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Health Sciences Applications ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-1015 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1015.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-1015 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1015"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - April 2023 - Appendix Oracle Health Sciences Applications vom 2023-04-18",
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html#AppendixHCAR"
},
{
"category": "external",
"summary": "eSentire Blog vom 2025-02-04",
"url": "https://www.esentire.com/blog/threat-actors-use-cve-2019-18935-to-deliver-reverse-shells-and-juicypotatong-privilege-escalation-tool"
},
{
"category": "external",
"summary": "PoC vom 2025-02-04",
"url": "https://github.com/alanbarret/CVE-2019-18935"
}
],
"source_lang": "en-US",
"title": "Oracle Health Sciences Applications: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-12-07T23:00:00.000+00:00",
"generator": {
"date": "2025-12-08T10:10:00.918+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2023-1015",
"initial_release_date": "2023-04-18T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-04-18T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-02-04T23:00:00.000+00:00",
"number": "2",
"summary": "Aktive Ausnutzung gemeldet"
},
{
"date": "2025-12-07T23:00:00.000+00:00",
"number": "3",
"summary": "PoC aufgenommen"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c8.2.3",
"product": {
"name": "Oracle Health Sciences Applications \u003c8.2.3",
"product_id": "T021686"
}
},
{
"category": "product_version",
"name": "8.2.3",
"product": {
"name": "Oracle Health Sciences Applications 8.2.3",
"product_id": "T021686-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:health_sciences_applications:8.2.3"
}
}
},
{
"category": "product_version_range",
"name": "\u003c6.3.1.3",
"product": {
"name": "Oracle Health Sciences Applications \u003c6.3.1.3",
"product_id": "T027379"
}
},
{
"category": "product_version",
"name": "6.3.1.3",
"product": {
"name": "Oracle Health Sciences Applications 6.3.1.3",
"product_id": "T027379-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:health_sciences_applications:6.3.1.3"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.0.0.1",
"product": {
"name": "Oracle Health Sciences Applications \u003c7.0.0.1",
"product_id": "T027380"
}
},
{
"category": "product_version",
"name": "7.0.0.1",
"product": {
"name": "Oracle Health Sciences Applications 7.0.0.1",
"product_id": "T027380-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:health_sciences_applications:7.0.0.1"
}
}
},
{
"category": "product_version",
"name": "5.4.0.2",
"product": {
"name": "Oracle Health Sciences Applications 5.4.0.2",
"product_id": "T027381",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:health_sciences_applications:5.4.0.2"
}
}
}
],
"category": "product_name",
"name": "Health Sciences Applications"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-18935",
"product_status": {
"known_affected": [
"T021686",
"T027380",
"T027381",
"T027379"
]
},
"release_date": "2023-04-18T22:00:00.000+00:00",
"title": "CVE-2019-18935"
},
{
"cve": "CVE-2021-41184",
"product_status": {
"known_affected": [
"T021686",
"T027380",
"T027381",
"T027379"
]
},
"release_date": "2023-04-18T22:00:00.000+00:00",
"title": "CVE-2021-41184"
},
{
"cve": "CVE-2023-21921",
"product_status": {
"known_affected": [
"T021686",
"T027380",
"T027381",
"T027379"
]
},
"release_date": "2023-04-18T22:00:00.000+00:00",
"title": "CVE-2023-21921"
},
{
"cve": "CVE-2023-21922",
"product_status": {
"known_affected": [
"T021686",
"T027380",
"T027381",
"T027379"
]
},
"release_date": "2023-04-18T22:00:00.000+00:00",
"title": "CVE-2023-21922"
},
{
"cve": "CVE-2023-21923",
"product_status": {
"known_affected": [
"T021686",
"T027380",
"T027381",
"T027379"
]
},
"release_date": "2023-04-18T22:00:00.000+00:00",
"title": "CVE-2023-21923"
},
{
"cve": "CVE-2023-21924",
"product_status": {
"known_affected": [
"T021686",
"T027380",
"T027381",
"T027379"
]
},
"release_date": "2023-04-18T22:00:00.000+00:00",
"title": "CVE-2023-21924"
},
{
"cve": "CVE-2023-21925",
"product_status": {
"known_affected": [
"T021686",
"T027380",
"T027381",
"T027379"
]
},
"release_date": "2023-04-18T22:00:00.000+00:00",
"title": "CVE-2023-21925"
},
{
"cve": "CVE-2023-21926",
"product_status": {
"known_affected": [
"T021686",
"T027380",
"T027381",
"T027379"
]
},
"release_date": "2023-04-18T22:00:00.000+00:00",
"title": "CVE-2023-21926"
},
{
"cve": "CVE-2023-21993",
"product_status": {
"known_affected": [
"T021686",
"T027380",
"T027381",
"T027379"
]
},
"release_date": "2023-04-18T22:00:00.000+00:00",
"title": "CVE-2023-21993"
}
]
}
WID-SEC-W-2024-2180
Vulnerability from csaf_certbund - Published: 2022-04-19 22:00 - Updated: 2024-09-18 22:00Summary
Oracle Fusion Middleware: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Oracle Fusion Middleware bündelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.
Angriff
Ein entfernter, anonymer oder lokaler Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- Linux
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "kritisch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Oracle Fusion Middleware b\u00fcndelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder lokaler Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-2180 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2024-2180.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-2180 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-2180"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update April 2022 - Appendix Oracle Fusion Middleware vom 2022-04-19",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html#AppendixFMW"
},
{
"category": "external",
"summary": "CISA Known Exploited Vulnerabilities Catalog vom 2024-09-18",
"url": "https://www.cisa.gov/news-events/alerts/2024/09/18/cisa-adds-five-known-exploited-vulnerabilities-catalog"
}
],
"source_lang": "en-US",
"title": "Oracle Fusion Middleware: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-09-18T22:00:00.000+00:00",
"generator": {
"date": "2024-09-19T08:06:58.739+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.8"
}
},
"id": "WID-SEC-W-2024-2180",
"initial_release_date": "2022-04-19T22:00:00.000+00:00",
"revision_history": [
{
"date": "2022-04-19T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-09-18T22:00:00.000+00:00",
"number": "2",
"summary": "Aktive Ausnutzung gemeldet"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "11.1.1.5.0",
"product": {
"name": "Oracle Fusion Middleware 11.1.1.5.0",
"product_id": "150102",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:11.1.1.5.0"
}
}
},
{
"category": "product_version",
"name": "12.2.1.3.0",
"product": {
"name": "Oracle Fusion Middleware 12.2.1.3.0",
"product_id": "618028",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:12.2.1.3.0"
}
}
},
{
"category": "product_version",
"name": "12.2.1.4.0",
"product": {
"name": "Oracle Fusion Middleware 12.2.1.4.0",
"product_id": "751674",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:12.2.1.4.0"
}
}
},
{
"category": "product_version",
"name": "14.1.1.0.0",
"product": {
"name": "Oracle Fusion Middleware 14.1.1.0.0",
"product_id": "829576",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:14.1.1.0.0"
}
}
},
{
"category": "product_version",
"name": "5.5.0.0.0",
"product": {
"name": "Oracle Fusion Middleware 5.5.0.0.0",
"product_id": "T018990",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:5.5.0.0.0"
}
}
},
{
"category": "product_version",
"name": "8.5.5",
"product": {
"name": "Oracle Fusion Middleware 8.5.5",
"product_id": "T018991",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:8.5.5"
}
}
},
{
"category": "product_version",
"name": "5.9.0.0.0",
"product": {
"name": "Oracle Fusion Middleware 5.9.0.0.0",
"product_id": "T021683",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:5.9.0.0.0"
}
}
},
{
"category": "product_version",
"name": "12.2.2.0.0",
"product": {
"name": "Oracle Fusion Middleware 12.2.2.0.0",
"product_id": "T022845",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:12.2.2.0.0"
}
}
},
{
"category": "product_version",
"name": "1.4.10",
"product": {
"name": "Oracle Fusion Middleware 1.4.10",
"product_id": "T022846",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:1.4.10"
}
}
},
{
"category": "product_version",
"name": "9.1.0",
"product": {
"name": "Oracle Fusion Middleware 9.1.0",
"product_id": "T022847",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:9.1.0"
}
}
},
{
"category": "product_version",
"name": "2.4.0",
"product": {
"name": "Oracle Fusion Middleware 2.4.0",
"product_id": "T022848",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:2.4.0"
}
}
},
{
"category": "product_version",
"name": "1.4.7",
"product": {
"name": "Oracle Fusion Middleware 1.4.7",
"product_id": "T022849",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:1.4.7"
}
}
},
{
"category": "product_version",
"name": "2.2.0",
"product": {
"name": "Oracle Fusion Middleware 2.2.0",
"product_id": "T022850",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:2.2.0"
}
}
},
{
"category": "product_version_range",
"name": "\u003c=RC1",
"product": {
"name": "Oracle Fusion Middleware \u003c=RC1",
"product_id": "T022915"
}
},
{
"category": "product_version_range",
"name": "\u003c=RC1",
"product": {
"name": "Oracle Fusion Middleware \u003c=RC1",
"product_id": "T022915-fixed"
}
}
],
"category": "product_name",
"name": "Fusion Middleware"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-11212",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder lokaler Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"618028",
"T022848",
"T018990",
"T022849",
"T018991",
"T022845",
"T022846",
"T022847",
"150102",
"T022850",
"751674",
"T021683",
"829576"
],
"last_affected": [
"T022915"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2018-11212"
},
{
"cve": "CVE-2019-0227",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder lokaler Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"618028",
"T022848",
"T018990",
"T022849",
"T018991",
"T022845",
"T022846",
"T022847",
"150102",
"T022850",
"751674",
"T021683",
"829576"
],
"last_affected": [
"T022915"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2019-0227"
},
{
"cve": "CVE-2020-17521",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder lokaler Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"618028",
"T022848",
"T018990",
"T022849",
"T018991",
"T022845",
"T022846",
"T022847",
"150102",
"T022850",
"751674",
"T021683",
"829576"
],
"last_affected": [
"T022915"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2020-17521"
},
{
"cve": "CVE-2020-24977",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder lokaler Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"618028",
"T022848",
"T018990",
"T022849",
"T018991",
"T022845",
"T022846",
"T022847",
"150102",
"T022850",
"751674",
"T021683",
"829576"
],
"last_affected": [
"T022915"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2020-24977"
},
{
"cve": "CVE-2020-25649",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder lokaler Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"618028",
"T022848",
"T018990",
"T022849",
"T018991",
"T022845",
"T022846",
"T022847",
"150102",
"T022850",
"751674",
"T021683",
"829576"
],
"last_affected": [
"T022915"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2020-25649"
},
{
"cve": "CVE-2020-7226",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder lokaler Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"618028",
"T022848",
"T018990",
"T022849",
"T018991",
"T022845",
"T022846",
"T022847",
"150102",
"T022850",
"751674",
"T021683",
"829576"
],
"last_affected": [
"T022915"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2020-7226"
},
{
"cve": "CVE-2020-8908",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder lokaler Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"618028",
"T022848",
"T018990",
"T022849",
"T018991",
"T022845",
"T022846",
"T022847",
"150102",
"T022850",
"751674",
"T021683",
"829576"
],
"last_affected": [
"T022915"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2020-8908"
},
{
"cve": "CVE-2021-22901",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder lokaler Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"618028",
"T022848",
"T018990",
"T022849",
"T018991",
"T022845",
"T022846",
"T022847",
"150102",
"T022850",
"751674",
"T021683",
"829576"
],
"last_affected": [
"T022915"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2021-22901"
},
{
"cve": "CVE-2021-28170",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder lokaler Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"618028",
"T022848",
"T018990",
"T022849",
"T018991",
"T022845",
"T022846",
"T022847",
"150102",
"T022850",
"751674",
"T021683",
"829576"
],
"last_affected": [
"T022915"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2021-28170"
},
{
"cve": "CVE-2021-28657",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder lokaler Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"618028",
"T022848",
"T018990",
"T022849",
"T018991",
"T022845",
"T022846",
"T022847",
"150102",
"T022850",
"751674",
"T021683",
"829576"
],
"last_affected": [
"T022915"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2021-28657"
},
{
"cve": "CVE-2021-29425",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder lokaler Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"618028",
"T022848",
"T018990",
"T022849",
"T018991",
"T022845",
"T022846",
"T022847",
"150102",
"T022850",
"751674",
"T021683",
"829576"
],
"last_affected": [
"T022915"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2021-29425"
},
{
"cve": "CVE-2021-30129",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder lokaler Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"618028",
"T022848",
"T018990",
"T022849",
"T018991",
"T022845",
"T022846",
"T022847",
"150102",
"T022850",
"751674",
"T021683",
"829576"
],
"last_affected": [
"T022915"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2021-30129"
},
{
"cve": "CVE-2021-31812",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder lokaler Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"618028",
"T022848",
"T018990",
"T022849",
"T018991",
"T022845",
"T022846",
"T022847",
"150102",
"T022850",
"751674",
"T021683",
"829576"
],
"last_affected": [
"T022915"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2021-31812"
},
{
"cve": "CVE-2021-33037",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder lokaler Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"618028",
"T022848",
"T018990",
"T022849",
"T018991",
"T022845",
"T022846",
"T022847",
"150102",
"T022850",
"751674",
"T021683",
"829576"
],
"last_affected": [
"T022915"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2021-33037"
},
{
"cve": "CVE-2021-36090",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder lokaler Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"618028",
"T022848",
"T018990",
"T022849",
"T018991",
"T022845",
"T022846",
"T022847",
"150102",
"T022850",
"751674",
"T021683",
"829576"
],
"last_affected": [
"T022915"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2021-36090"
},
{
"cve": "CVE-2021-37137",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder lokaler Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"618028",
"T022848",
"T018990",
"T022849",
"T018991",
"T022845",
"T022846",
"T022847",
"150102",
"T022850",
"751674",
"T021683",
"829576"
],
"last_affected": [
"T022915"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2021-37137"
},
{
"cve": "CVE-2021-37714",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder lokaler Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"618028",
"T022848",
"T018990",
"T022849",
"T018991",
"T022845",
"T022846",
"T022847",
"150102",
"T022850",
"751674",
"T021683",
"829576"
],
"last_affected": [
"T022915"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2021-37714"
},
{
"cve": "CVE-2021-39275",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder lokaler Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"618028",
"T022848",
"T018990",
"T022849",
"T018991",
"T022845",
"T022846",
"T022847",
"150102",
"T022850",
"751674",
"T021683",
"829576"
],
"last_affected": [
"T022915"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2021-39275"
},
{
"cve": "CVE-2021-40690",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder lokaler Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"618028",
"T022848",
"T018990",
"T022849",
"T018991",
"T022845",
"T022846",
"T022847",
"150102",
"T022850",
"751674",
"T021683",
"829576"
],
"last_affected": [
"T022915"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2021-40690"
},
{
"cve": "CVE-2021-41165",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder lokaler Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"618028",
"T022848",
"T018990",
"T022849",
"T018991",
"T022845",
"T022846",
"T022847",
"150102",
"T022850",
"751674",
"T021683",
"829576"
],
"last_affected": [
"T022915"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2021-41165"
},
{
"cve": "CVE-2021-41184",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder lokaler Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"618028",
"T022848",
"T018990",
"T022849",
"T018991",
"T022845",
"T022846",
"T022847",
"150102",
"T022850",
"751674",
"T021683",
"829576"
],
"last_affected": [
"T022915"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2021-41184"
},
{
"cve": "CVE-2021-43797",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder lokaler Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"618028",
"T022848",
"T018990",
"T022849",
"T018991",
"T022845",
"T022846",
"T022847",
"150102",
"T022850",
"751674",
"T021683",
"829576"
],
"last_affected": [
"T022915"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2021-43797"
},
{
"cve": "CVE-2021-44224",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder lokaler Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"618028",
"T022848",
"T018990",
"T022849",
"T018991",
"T022845",
"T022846",
"T022847",
"150102",
"T022850",
"751674",
"T021683",
"829576"
],
"last_affected": [
"T022915"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2021-44224"
},
{
"cve": "CVE-2021-44832",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder lokaler Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"618028",
"T022848",
"T018990",
"T022849",
"T018991",
"T022845",
"T022846",
"T022847",
"150102",
"T022850",
"751674",
"T021683",
"829576"
],
"last_affected": [
"T022915"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2021-44832"
},
{
"cve": "CVE-2022-21404",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder lokaler Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"618028",
"T022848",
"T018990",
"T022849",
"T018991",
"T022845",
"T022846",
"T022847",
"150102",
"T022850",
"751674",
"T021683",
"829576"
],
"last_affected": [
"T022915"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21404"
},
{
"cve": "CVE-2022-21419",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder lokaler Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"618028",
"T022848",
"T018990",
"T022849",
"T018991",
"T022845",
"T022846",
"T022847",
"150102",
"T022850",
"751674",
"T021683",
"829576"
],
"last_affected": [
"T022915"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21419"
},
{
"cve": "CVE-2022-21420",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder lokaler Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"618028",
"T022848",
"T018990",
"T022849",
"T018991",
"T022845",
"T022846",
"T022847",
"150102",
"T022850",
"751674",
"T021683",
"829576"
],
"last_affected": [
"T022915"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21420"
},
{
"cve": "CVE-2022-21421",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder lokaler Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"618028",
"T022848",
"T018990",
"T022849",
"T018991",
"T022845",
"T022846",
"T022847",
"150102",
"T022850",
"751674",
"T021683",
"829576"
],
"last_affected": [
"T022915"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21421"
},
{
"cve": "CVE-2022-21441",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder lokaler Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"618028",
"T022848",
"T018990",
"T022849",
"T018991",
"T022845",
"T022846",
"T022847",
"150102",
"T022850",
"751674",
"T021683",
"829576"
],
"last_affected": [
"T022915"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21441"
},
{
"cve": "CVE-2022-21445",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder lokaler Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"618028",
"T022848",
"T018990",
"T022849",
"T018991",
"T022845",
"T022846",
"T022847",
"150102",
"T022850",
"751674",
"T021683",
"829576"
],
"last_affected": [
"T022915"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21445"
},
{
"cve": "CVE-2022-21448",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder lokaler Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"618028",
"T022848",
"T018990",
"T022849",
"T018991",
"T022845",
"T022846",
"T022847",
"150102",
"T022850",
"751674",
"T021683",
"829576"
],
"last_affected": [
"T022915"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21448"
},
{
"cve": "CVE-2022-21453",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder lokaler Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"618028",
"T022848",
"T018990",
"T022849",
"T018991",
"T022845",
"T022846",
"T022847",
"150102",
"T022850",
"751674",
"T021683",
"829576"
],
"last_affected": [
"T022915"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21453"
},
{
"cve": "CVE-2022-21492",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder lokaler Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"618028",
"T022848",
"T018990",
"T022849",
"T018991",
"T022845",
"T022846",
"T022847",
"150102",
"T022850",
"751674",
"T021683",
"829576"
],
"last_affected": [
"T022915"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21492"
},
{
"cve": "CVE-2022-21497",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder lokaler Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"618028",
"T022848",
"T018990",
"T022849",
"T018991",
"T022845",
"T022846",
"T022847",
"150102",
"T022850",
"751674",
"T021683",
"829576"
],
"last_affected": [
"T022915"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21497"
},
{
"cve": "CVE-2022-23305",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder lokaler Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"618028",
"T022848",
"T018990",
"T022849",
"T018991",
"T022845",
"T022846",
"T022847",
"150102",
"T022850",
"751674",
"T021683",
"829576"
],
"last_affected": [
"T022915"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-23305"
},
{
"cve": "CVE-2022-23437",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder lokaler Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"618028",
"T022848",
"T018990",
"T022849",
"T018991",
"T022845",
"T022846",
"T022847",
"150102",
"T022850",
"751674",
"T021683",
"829576"
],
"last_affected": [
"T022915"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-23437"
}
]
}
GSD-2021-41184
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-41184",
"description": "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.",
"id": "GSD-2021-41184",
"references": [
"https://www.suse.com/security/cve/CVE-2021-41184.html",
"https://access.redhat.com/errata/RHSA-2022:4711",
"https://ubuntu.com/security/CVE-2021-41184"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-41184"
],
"details": "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.",
"id": "GSD-2021-41184",
"modified": "2023-12-13T01:23:27.319934Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-41184",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "jquery-ui",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "\u003c 1.13.0"
}
]
}
}
]
},
"vendor_name": "jquery"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources."
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-79",
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/",
"refsource": "MISC",
"url": "https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/"
},
{
"name": "https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327",
"refsource": "MISC",
"url": "https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327"
},
{
"name": "https://github.com/jquery/jquery-ui/commit/effa323f1505f2ce7a324e4f429fa9032c72f280",
"refsource": "MISC",
"url": "https://github.com/jquery/jquery-ui/commit/effa323f1505f2ce7a324e4f429fa9032c72f280"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20211118-0004/",
"refsource": "MISC",
"url": "https://security.netapp.com/advisory/ntap-20211118-0004/"
},
{
"name": "https://www.drupal.org/sa-core-2022-001",
"refsource": "MISC",
"url": "https://www.drupal.org/sa-core-2022-001"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "https://www.tenable.com/security/tns-2022-09",
"refsource": "MISC",
"url": "https://www.tenable.com/security/tns-2022-09"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/"
},
{
"name": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html",
"refsource": "MISC",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
]
},
"source": {
"advisory": "GHSA-gpqq-952q-5327",
"discovery": "UNKNOWN"
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c1.13.0",
"affected_versions": "All versions before 1.13.0",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-79",
"CWE-937"
],
"date": "2023-08-11",
"description": "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.",
"fixed_versions": [
"1.13.0"
],
"identifier": "CVE-2021-41184",
"identifiers": [
"CVE-2021-41184",
"GHSA-gpqq-952q-5327"
],
"not_impacted": "All versions starting from 1.13.0",
"package_slug": "npm/jquery-ui",
"pubdate": "2021-10-26",
"solution": "Upgrade to version 1.13.0 or above.",
"title": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"urls": [
"https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327",
"https://nvd.nist.gov/vuln/detail/CVE-2021-41184",
"https://github.com/jquery/jquery-ui/commit/effa323f1505f2ce7a324e4f429fa9032c72f280",
"https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/",
"https://security.netapp.com/advisory/ntap-20211118-0004/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/",
"https://www.drupal.org/sa-core-2022-001",
"https://github.com/advisories/GHSA-gpqq-952q-5327"
],
"uuid": "926deaf6-47c5-488f-80fc-541e2494f903"
},
{
"affected_range": "\u003e=7.0,\u003c7.86||\u003e=9.2.0,\u003c9.2.11||\u003e=9.3.0,\u003c9.3.3",
"affected_versions": "All versions starting from 7.0 before 7.86, all versions starting from 9.2.0 before 9.2.11, all versions starting from 9.3.0 before 9.3.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-79",
"CWE-937"
],
"date": "2023-08-11",
"description": "jQuery-UI is the official jQuery user interface library.Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.",
"fixed_versions": [
"8.0.0"
],
"identifier": "CVE-2021-41184",
"identifiers": [
"CVE-2021-41184",
"GHSA-gpqq-952q-5327"
],
"not_impacted": "All versions before 7.0, all versions starting from 7.86 before 9.2.0, all versions starting from 9.2.11 before 9.3.0, all versions starting from 9.3.3",
"package_slug": "packagist/drupal/drupal",
"pubdate": "2021-10-26",
"solution": "Upgrade to version 8.0.0 or above.",
"title": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-41184",
"https://github.com/jquery/jquery-ui/commit/effa323f1505f2ce7a324e4f429fa9032c72f280",
"https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327",
"https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/",
"https://security.netapp.com/advisory/ntap-20211118-0004/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/",
"https://www.drupal.org/sa-core-2022-001"
],
"uuid": "301eab5e-6782-4443-aee5-eff4f3553199"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:jquery:*:*",
"cpe_name": [],
"versionEndExcluding": "1.13.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.3.3",
"versionStartIncluding": "9.3.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.2.11",
"versionStartIncluding": "9.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.86",
"versionStartIncluding": "7.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.21.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_suite8:8.10.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "17.12",
"versionStartIncluding": "17.7",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_inventory_management:9.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:big_data_spatial_and_graph:23.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "23.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_suite8:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.14.0",
"versionStartIncluding": "8.11.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.2.6.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:rest_data_services:*:*:*:*:-:*:*:*",
"cpe_name": [],
"versionEndExcluding": "22.1.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "22.1.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:rest_data_services:22.1.1:*:*:*:-:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.2.25",
"versionStartIncluding": "12.2.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-41184"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/jquery/jquery-ui/commit/effa323f1505f2ce7a324e4f429fa9032c72f280",
"refsource": "MISC",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/jquery/jquery-ui/commit/effa323f1505f2ce7a324e4f429fa9032c72f280"
},
{
"name": "https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327",
"refsource": "CONFIRM",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327"
},
{
"name": "https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/",
"refsource": "MISC",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20211118-0004/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20211118-0004/"
},
{
"name": "https://www.drupal.org/sa-core-2022-001",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://www.drupal.org/sa-core-2022-001"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://www.tenable.com/security/tns-2022-09",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Release Notes",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2022-09"
},
{
"name": "N/A",
"refsource": "N/A",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/",
"refsource": "MISC",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/",
"refsource": "MISC",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/",
"refsource": "MISC",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/",
"refsource": "MISC",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/",
"refsource": "MISC",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/"
},
{
"name": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html",
"refsource": "MISC",
"tags": [],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
},
"lastModifiedDate": "2023-08-31T03:15Z",
"publishedDate": "2021-10-26T15:15Z"
}
}
}
GHSA-GPQQ-952Q-5327
Vulnerability from github – Published: 2021-10-26 14:55 – Updated: 2025-11-04 19:36
VLAI?
Summary
XSS in the `of` option of the `.position()` util in jquery-ui
Details
Impact
Accepting the value of the of option of the .position() util from untrusted sources may execute untrusted code. For example, invoking the following code:
$( "#element" ).position( {
my: "left top",
at: "right bottom",
of: "<img onerror='doEvilThing()' src='/404' />",
collision: "none"
} );
will call the doEvilThing() function.
Patches
The issue is fixed in jQuery UI 1.13.0. Any string value passed to the of option is now treated as a CSS selector.
Workarounds
A workaround is to not accept the value of the of option from untrusted sources.
For more information
If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue.
Severity ?
6.5 (Medium)
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "jquery-ui"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.13.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.webjars.npm:jquery-ui"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.13.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "jQuery.UI.Combined"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.13.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "RubyGems",
"name": "jquery-ui-rails"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-41184"
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"github_reviewed": true,
"github_reviewed_at": "2021-10-25T22:06:43Z",
"nvd_published_at": "2021-10-26T15:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\nAccepting the value of the `of` option of the [`.position()`](https://api.jqueryui.com/position/) util from untrusted sources may execute untrusted code. For example, invoking the following code:\n```js\n$( \"#element\" ).position( {\n\tmy: \"left top\",\n\tat: \"right bottom\",\n\tof: \"\u003cimg onerror=\u0027doEvilThing()\u0027 src=\u0027/404\u0027 /\u003e\",\n\tcollision: \"none\"\n} );\n```\nwill call the `doEvilThing()` function.\n\n### Patches\nThe issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector.\n\n### Workarounds\nA workaround is to not accept the value of the `of` option from untrusted sources.\n\n### For more information\nIf you have any questions or comments about this advisory, search for a relevant issue in [the jQuery UI repo](https://github.com/jquery/jquery-ui/issues). If you don\u0027t find an answer, open a new issue.",
"id": "GHSA-gpqq-952q-5327",
"modified": "2025-11-04T19:36:07Z",
"published": "2021-10-26T14:55:12Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41184"
},
{
"type": "WEB",
"url": "https://github.com/jquery/jquery-ui/commit/effa323f1505f2ce7a324e4f429fa9032c72f280"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/tns-2022-09"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"type": "WEB",
"url": "https://www.drupal.org/sa-core-2022-001"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20211118-0004"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"type": "PACKAGE",
"url": "https://github.com/jquery/jquery-ui"
},
{
"type": "WEB",
"url": "https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Aug/37"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "XSS in the `of` option of the `.position()` util in jquery-ui"
}
FKIE_CVE-2021-41184
Vulnerability from fkie_nvd - Published: 2021-10-26 15:15 - Updated: 2025-11-04 16:15
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/ | Release Notes, Vendor Advisory | |
| security-advisories@github.com | https://github.com/jquery/jquery-ui/commit/effa323f1505f2ce7a324e4f429fa9032c72f280 | Patch, Vendor Advisory | |
| security-advisories@github.com | https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327 | Mitigation, Patch, Vendor Advisory | |
| security-advisories@github.com | https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html | ||
| security-advisories@github.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/ | Mailing List, Third Party Advisory | |
| security-advisories@github.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/ | Mailing List, Third Party Advisory | |
| security-advisories@github.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/ | Mailing List, Third Party Advisory | |
| security-advisories@github.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/ | Mailing List, Third Party Advisory | |
| security-advisories@github.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/ | Mailing List, Third Party Advisory | |
| security-advisories@github.com | https://security.netapp.com/advisory/ntap-20211118-0004/ | Third Party Advisory | |
| security-advisories@github.com | https://www.drupal.org/sa-core-2022-001 | Third Party Advisory | |
| security-advisories@github.com | https://www.oracle.com/security-alerts/cpuapr2022.html | Patch, Third Party Advisory | |
| security-advisories@github.com | https://www.oracle.com/security-alerts/cpujul2022.html | Third Party Advisory | |
| security-advisories@github.com | https://www.tenable.com/security/tns-2022-09 | Patch, Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2024/Aug/37 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/jquery/jquery-ui/commit/effa323f1505f2ce7a324e4f429fa9032c72f280 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327 | Mitigation, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/ | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/ | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/ | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/ | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/ | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20211118-0004/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.drupal.org/sa-core-2022-001 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuapr2022.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujul2022.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/tns-2022-09 | Patch, Release Notes, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| jqueryui | jquery_ui | * | |
| fedoraproject | fedora | 33 | |
| fedoraproject | fedora | 34 | |
| fedoraproject | fedora | 35 | |
| fedoraproject | fedora | 36 | |
| netapp | h300s_firmware | - | |
| netapp | h300s | - | |
| netapp | h500s_firmware | - | |
| netapp | h500s | - | |
| netapp | h700s_firmware | - | |
| netapp | h700s | - | |
| netapp | h300e_firmware | - | |
| netapp | h300e | - | |
| netapp | h500e_firmware | - | |
| netapp | h500e | - | |
| netapp | h700e_firmware | - | |
| netapp | h700e | - | |
| netapp | h410s_firmware | - | |
| netapp | h410s | - | |
| netapp | h410c_firmware | - | |
| netapp | h410c | - | |
| drupal | drupal | * | |
| drupal | drupal | * | |
| drupal | drupal | * | |
| tenable | tenable.sc | * | |
| oracle | agile_plm | 9.3.6 | |
| oracle | application_express | * | |
| oracle | banking_platform | 2.9.0 | |
| oracle | banking_platform | 2.12.0 | |
| oracle | big_data_spatial_and_graph | * | |
| oracle | big_data_spatial_and_graph | 23.1 | |
| oracle | communications_interactive_session_recorder | 6.4 | |
| oracle | communications_operations_monitor | 4.3 | |
| oracle | communications_operations_monitor | 4.4 | |
| oracle | communications_operations_monitor | 5.0 | |
| oracle | hospitality_inventory_management | 9.1.0 | |
| oracle | hospitality_materials_control | 18.1 | |
| oracle | hospitality_suite8 | * | |
| oracle | hospitality_suite8 | 8.10.2 | |
| oracle | jd_edwards_enterpriseone_tools | * | |
| oracle | peoplesoft_enterprise_peopletools | 8.58 | |
| oracle | peoplesoft_enterprise_peopletools | 8.59 | |
| oracle | policy_automation | * | |
| oracle | primavera_unifier | * | |
| oracle | primavera_unifier | 18.8 | |
| oracle | primavera_unifier | 19.12 | |
| oracle | primavera_unifier | 20.12 | |
| oracle | primavera_unifier | 21.12 | |
| oracle | rest_data_services | * | |
| oracle | rest_data_services | 22.1.1 | |
| oracle | weblogic_server | 12.2.1.3.0 | |
| oracle | weblogic_server | 12.2.1.4.0 | |
| oracle | weblogic_server | 14.1.1.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:jquery:*:*",
"matchCriteriaId": "EA897736-789A-461C-86F5-E7470E643213",
"versionEndExcluding": "1.13.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "108A2215-50FB-4074-94CF-C130FA14566D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32F0B6C0-F930-480D-962B-3F4EFDCC13C7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "803BC414-B250-4E3A-A478-A3881340D6B8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FEB3337-BFDE-462A-908B-176F92053CEC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "736AEAE9-782B-4F71-9893-DED53367E102",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"matchCriteriaId": "013FAABA-8CDD-46AD-B321-9908634C880A",
"versionEndExcluding": "7.86",
"versionStartIncluding": "7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE1268C5-DEFD-44D8-8994-D93C7839D5C2",
"versionEndExcluding": "9.2.11",
"versionStartIncluding": "9.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A28F55D-AEB8-454E-B1A9-163C4CB2B38D",
"versionEndExcluding": "9.3.3",
"versionStartIncluding": "9.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CAB9A41F-91F1-40DF-BF12-6ADA7229A84C",
"versionEndExcluding": "5.21.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48B23728-0050-4AF0-B8B0-A959CBAB4505",
"versionEndExcluding": "22.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AB9FC9AB-1070-420F-870E-A5EC43A924A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BDC6D658-09EA-4C41-869F-1C2EA163F751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:*",
"matchCriteriaId": "384DEDD9-CB26-4306-99D8-83068A9B23ED",
"versionEndExcluding": "23.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:big_data_spatial_and_graph:23.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BEF828F5-C666-40DA-98DD-CDF658D7090B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E812639B-EE28-4C68-9F6F-70C8BF981C86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CBE1A019-7BB6-4226-8AC4-9D6927ADAEFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B98BAEB2-A540-4E8A-A946-C4331B913AFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8FBE260-E306-4215-80C0-D2D27CA43E0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_inventory_management:9.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8865CE15-F9A1-4A46-AF93-B58356BDEE6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2AC63D10-2326-4542-B345-31D45B9A7408",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_suite8:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7F4B5F0-6B78-4A94-AD83-6B78D484E298",
"versionEndIncluding": "8.14.0",
"versionStartIncluding": "8.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_suite8:8.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CBDA65DE-5727-49DC-8D50-DA81DB3E8841",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C5F35B8D-6F26-4682-8541-6F10EE2ACE7E",
"versionEndIncluding": "9.2.6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
"matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*",
"matchCriteriaId": "C8AF00C6-B97F-414D-A8DF-057E6BFD8597",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "15C83E0F-5FA2-47E5-9FCF-CD2E90D6A9E8",
"versionEndIncluding": "12.2.25",
"versionStartIncluding": "12.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08FA59A8-6A62-4B33-8952-D6E658F8DAC9",
"versionEndIncluding": "17.12",
"versionStartIncluding": "17.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
"matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
"matchCriteriaId": "10864586-270E-4ACF-BDCC-ECFCD299305F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*",
"matchCriteriaId": "38340E3C-C452-4370-86D4-355B6B4E0A06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C55C69-E22E-4B80-9371-5CD821D79FE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:rest_data_services:*:*:*:*:-:*:*:*",
"matchCriteriaId": "105BF985-2403-455E-BAA1-509245B54A1D",
"versionEndExcluding": "22.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:rest_data_services:22.1.1:*:*:*:-:*:*:*",
"matchCriteriaId": "281F1ACB-3180-422C-BADF-B0AE5F50924E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources."
},
{
"lang": "es",
"value": "jQuery-UI es la biblioteca oficial de interfaz de usuario de jQuery. Antes de la versi\u00f3n 1.13.0, aceptar el valor de la opci\u00f3n \"of\" de la utilidad \".position()\" de fuentes no confiables pod\u00eda ejecutar c\u00f3digo no confiable. El problema es corregido en jQuery UI versi\u00f3n 1.13.0. Cualquier valor de cadena pasado a la opci\u00f3n \"of\" se trata ahora como un selector CSS. Una soluci\u00f3n es no aceptar el valor de la opci\u00f3n \"of\" de fuentes no confiables"
}
],
"id": "CVE-2021-41184",
"lastModified": "2025-11-04T16:15:43.353",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-26T15:15:10.460",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/jquery/jquery-ui/commit/effa323f1505f2ce7a324e4f429fa9032c72f280"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20211118-0004/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.drupal.org/sa-core-2022-001"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Release Notes",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2022-09"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2024/Aug/37"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/jquery/jquery-ui/commit/effa323f1505f2ce7a324e4f429fa9032c72f280"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20211118-0004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.drupal.org/sa-core-2022-001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Release Notes",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2022-09"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
RHSA-2022:4711
Vulnerability from csaf_redhat - Published: 2022-05-26 16:25 - Updated: 2026-01-08 13:46Summary
Red Hat Security Advisory: RHV Manager (ovirt-engine) [ovirt-4.5.0] security update
Notes
Topic
Updated ovirt-engine packages that fix several bugs and add various enhancements are now available.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning.
Security Fix(es):
* nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (CVE-2021-3807)
* nodejs-trim-off-newlines: ReDoS via string processing (CVE-2021-23425)
* normalize-url: ReDoS for data URLs (CVE-2021-33502)
* jquery-ui: XSS in the altField option of the datepicker widget (CVE-2021-41182)
* jquery-ui: XSS in *Text options of the datepicker widget (CVE-2021-41183)
* jquery-ui: XSS in the 'of' option of the .position() util (CVE-2021-41184)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
A list of bugs fixed in this update is available in the Technical Notes book:
https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated ovirt-engine packages that fix several bugs and add various enhancements are now available.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning.\n\nSecurity Fix(es):\n\n* nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (CVE-2021-3807)\n\n* nodejs-trim-off-newlines: ReDoS via string processing (CVE-2021-23425)\n\n* normalize-url: ReDoS for data URLs (CVE-2021-33502)\n\n* jquery-ui: XSS in the altField option of the datepicker widget (CVE-2021-41182)\n\n* jquery-ui: XSS in *Text options of the datepicker widget (CVE-2021-41183)\n\n* jquery-ui: XSS in the \u0027of\u0027 option of the .position() util (CVE-2021-41184)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nA list of bugs fixed in this update is available in the Technical Notes book:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:4711",
"url": "https://access.redhat.com/errata/RHSA-2022:4711"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes",
"url": "https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes"
},
{
"category": "external",
"summary": "655153",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=655153"
},
{
"category": "external",
"summary": "977778",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=977778"
},
{
"category": "external",
"summary": "1624015",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1624015"
},
{
"category": "external",
"summary": "1648985",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1648985"
},
{
"category": "external",
"summary": "1667517",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1667517"
},
{
"category": "external",
"summary": "1687845",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1687845"
},
{
"category": "external",
"summary": "1781241",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781241"
},
{
"category": "external",
"summary": "1782056",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782056"
},
{
"category": "external",
"summary": "1849169",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1849169"
},
{
"category": "external",
"summary": "1878930",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1878930"
},
{
"category": "external",
"summary": "1922977",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1922977"
},
{
"category": "external",
"summary": "1926625",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1926625"
},
{
"category": "external",
"summary": "1927985",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927985"
},
{
"category": "external",
"summary": "1944290",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944290"
},
{
"category": "external",
"summary": "1944834",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944834"
},
{
"category": "external",
"summary": "1956295",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956295"
},
{
"category": "external",
"summary": "1959186",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1959186"
},
{
"category": "external",
"summary": "1964208",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964208"
},
{
"category": "external",
"summary": "1964461",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964461"
},
{
"category": "external",
"summary": "1971622",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1971622"
},
{
"category": "external",
"summary": "1974741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1974741"
},
{
"category": "external",
"summary": "1979441",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1979441"
},
{
"category": "external",
"summary": "1979797",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1979797"
},
{
"category": "external",
"summary": "1980192",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1980192"
},
{
"category": "external",
"summary": "1986726",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1986726"
},
{
"category": "external",
"summary": "1986834",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1986834"
},
{
"category": "external",
"summary": "1987121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1987121"
},
{
"category": "external",
"summary": "1988496",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1988496"
},
{
"category": "external",
"summary": "1990462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1990462"
},
{
"category": "external",
"summary": "1991240",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991240"
},
{
"category": "external",
"summary": "1995793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995793"
},
{
"category": "external",
"summary": "1996123",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1996123"
},
{
"category": "external",
"summary": "1998255",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1998255"
},
{
"category": "external",
"summary": "1999698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999698"
},
{
"category": "external",
"summary": "2000031",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2000031"
},
{
"category": "external",
"summary": "2002283",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2002283"
},
{
"category": "external",
"summary": "2003883",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2003883"
},
{
"category": "external",
"summary": "2003996",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2003996"
},
{
"category": "external",
"summary": "2006602",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2006602"
},
{
"category": "external",
"summary": "2006745",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2006745"
},
{
"category": "external",
"summary": "2007384",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2007384"
},
{
"category": "external",
"summary": "2007557",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2007557"
},
{
"category": "external",
"summary": "2008798",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2008798"
},
{
"category": "external",
"summary": "2010203",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010203"
},
{
"category": "external",
"summary": "2010903",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010903"
},
{
"category": "external",
"summary": "2013928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2013928"
},
{
"category": "external",
"summary": "2014888",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2014888"
},
{
"category": "external",
"summary": "2015796",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2015796"
},
{
"category": "external",
"summary": "2019144",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019144"
},
{
"category": "external",
"summary": "2019148",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019148"
},
{
"category": "external",
"summary": "2019153",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019153"
},
{
"category": "external",
"summary": "2021217",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2021217"
},
{
"category": "external",
"summary": "2023250",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023250"
},
{
"category": "external",
"summary": "2023786",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023786"
},
{
"category": "external",
"summary": "2024202",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024202"
},
{
"category": "external",
"summary": "2025936",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025936"
},
{
"category": "external",
"summary": "2030596",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030596"
},
{
"category": "external",
"summary": "2030663",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030663"
},
{
"category": "external",
"summary": "2031027",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031027"
},
{
"category": "external",
"summary": "2035051",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035051"
},
{
"category": "external",
"summary": "2037115",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2037115"
},
{
"category": "external",
"summary": "2037121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2037121"
},
{
"category": "external",
"summary": "2040361",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040361"
},
{
"category": "external",
"summary": "2040402",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040402"
},
{
"category": "external",
"summary": "2040474",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040474"
},
{
"category": "external",
"summary": "2041544",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041544"
},
{
"category": "external",
"summary": "2043146",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2043146"
},
{
"category": "external",
"summary": "2044273",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044273"
},
{
"category": "external",
"summary": "2048546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2048546"
},
{
"category": "external",
"summary": "2050566",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050566"
},
{
"category": "external",
"summary": "2050614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050614"
},
{
"category": "external",
"summary": "2051857",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2051857"
},
{
"category": "external",
"summary": "2052557",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052557"
},
{
"category": "external",
"summary": "2052690",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052690"
},
{
"category": "external",
"summary": "2054756",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2054756"
},
{
"category": "external",
"summary": "2055136",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055136"
},
{
"category": "external",
"summary": "2056021",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056021"
},
{
"category": "external",
"summary": "2056052",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056052"
},
{
"category": "external",
"summary": "2056126",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056126"
},
{
"category": "external",
"summary": "2058264",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2058264"
},
{
"category": "external",
"summary": "2059521",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2059521"
},
{
"category": "external",
"summary": "2059877",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2059877"
},
{
"category": "external",
"summary": "2061904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061904"
},
{
"category": "external",
"summary": "2065052",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2065052"
},
{
"category": "external",
"summary": "2066084",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066084"
},
{
"category": "external",
"summary": "2066283",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066283"
},
{
"category": "external",
"summary": "2069972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2069972"
},
{
"category": "external",
"summary": "2070156",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2070156"
},
{
"category": "external",
"summary": "2071468",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071468"
},
{
"category": "external",
"summary": "2072637",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072637"
},
{
"category": "external",
"summary": "2072639",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072639"
},
{
"category": "external",
"summary": "2072641",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072641"
},
{
"category": "external",
"summary": "2072642",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072642"
},
{
"category": "external",
"summary": "2072645",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072645"
},
{
"category": "external",
"summary": "2072646",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072646"
},
{
"category": "external",
"summary": "2075352",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2075352"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_4711.json"
}
],
"title": "Red Hat Security Advisory: RHV Manager (ovirt-engine) [ovirt-4.5.0] security update",
"tracking": {
"current_release_date": "2026-01-08T13:46:28+00:00",
"generator": {
"date": "2026-01-08T13:46:28+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.14"
}
},
"id": "RHSA-2022:4711",
"initial_release_date": "2022-05-26T16:25:03+00:00",
"revision_history": [
{
"date": "2022-05-26T16:25:03+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-05-26T16:25:03+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-08T13:46:28+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product": {
"name": "RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhev_manager:4.4:el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Virtualization"
},
{
"branches": [
{
"category": "product_version",
"name": "ovirt-dependencies-0:4.5.1-1.el8ev.src",
"product": {
"name": "ovirt-dependencies-0:4.5.1-1.el8ev.src",
"product_id": "ovirt-dependencies-0:4.5.1-1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-dependencies@4.5.1-1.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "ovirt-log-collector-0:4.4.5-1.el8ev.src",
"product": {
"name": "ovirt-log-collector-0:4.4.5-1.el8ev.src",
"product_id": "ovirt-log-collector-0:4.4.5-1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-log-collector@4.4.5-1.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"product": {
"name": "rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"product_id": "rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhv-log-collector-analyzer@1.0.13-1.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "engine-db-query-0:1.6.4-1.el8ev.src",
"product": {
"name": "engine-db-query-0:1.6.4-1.el8ev.src",
"product_id": "engine-db-query-0:1.6.4-1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/engine-db-query@1.6.4-1.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"product": {
"name": "vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"product_id": "vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-jsonrpc-java@1.7.1-2.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "apache-sshd-1:2.8.0-0.1.el8ev.src",
"product": {
"name": "apache-sshd-1:2.8.0-0.1.el8ev.src",
"product_id": "apache-sshd-1:2.8.0-0.1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-sshd@2.8.0-0.1.el8ev?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"product": {
"name": "rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"product_id": "rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhvm-setup-plugins@4.5.0-2.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"product": {
"name": "rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"product_id": "rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhvm-branding-rhv@4.4.11-1.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"product": {
"name": "ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"product_id": "ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-dwh@4.5.2-1.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "ovirt-web-ui-0:1.8.1-2.el8ev.src",
"product": {
"name": "ovirt-web-ui-0:1.8.1-2.el8ev.src",
"product_id": "ovirt-web-ui-0:1.8.1-2.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-web-ui@1.8.1-2.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"product": {
"name": "ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"product_id": "ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-metrics@1.6.0-1.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "ansible-runner-0:2.1.3-1.el8ev.src",
"product": {
"name": "ansible-runner-0:2.1.3-1.el8ev.src",
"product_id": "ansible-runner-0:2.1.3-1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-runner@2.1.3-1.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"product": {
"name": "ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"product_id": "ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-ui-extensions@1.3.3-1.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"product": {
"name": "ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"product_id": "ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine@4.5.0.7-0.9.el8ev?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"product": {
"name": "ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"product_id": "ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-dependencies@4.5.1-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"product": {
"name": "ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"product_id": "ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-log-collector@4.4.5-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"product": {
"name": "rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"product_id": "rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhv-log-collector-analyzer@1.0.13-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "engine-db-query-0:1.6.4-1.el8ev.noarch",
"product": {
"name": "engine-db-query-0:1.6.4-1.el8ev.noarch",
"product_id": "engine-db-query-0:1.6.4-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/engine-db-query@1.6.4-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"product": {
"name": "vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"product_id": "vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-jsonrpc-java@1.7.1-2.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch",
"product": {
"name": "vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch",
"product_id": "vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-jsonrpc-java-javadoc@1.7.1-2.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"product": {
"name": "apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"product_id": "apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-sshd@2.8.0-0.1.el8ev?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"product": {
"name": "apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"product_id": "apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-sshd-javadoc@2.8.0-0.1.el8ev?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"product": {
"name": "rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"product_id": "rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhvm-setup-plugins@4.5.0-2.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"product": {
"name": "rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"product_id": "rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhvm-branding-rhv@4.4.11-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"product": {
"name": "ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"product_id": "ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-dwh@4.5.2-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"product": {
"name": "ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"product_id": "ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-dwh-grafana-integration-setup@4.5.2-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"product": {
"name": "ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"product_id": "ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-dwh-setup@4.5.2-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"product": {
"name": "ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"product_id": "ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-web-ui@1.8.1-2.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"product": {
"name": "ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"product_id": "ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-metrics@1.6.0-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ansible-runner-0:2.1.3-1.el8ev.noarch",
"product": {
"name": "ansible-runner-0:2.1.3-1.el8ev.noarch",
"product_id": "ansible-runner-0:2.1.3-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-runner@2.1.3-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"product": {
"name": "python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"product_id": "python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python38-ansible-runner@2.1.3-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"product": {
"name": "ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"product_id": "ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-ui-extensions@1.3.3-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-backend@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-dbscripts@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-health-check-bundler@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-restapi@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-setup@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-setup-base@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-cinderlib@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-imageio@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-ovirt-engine@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-ovirt-engine-common@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-vmconsole-proxy-helper@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-websocket-proxy@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-tools@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-tools-backup@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-vmconsole-proxy-helper@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-webadmin-portal@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-websocket-proxy@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-ovirt-engine-lib@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhvm-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "rhvm-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "rhvm-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhvm@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python38-docutils-0:0.14-12.4.el8ev.noarch",
"product": {
"name": "python38-docutils-0:0.14-12.4.el8ev.noarch",
"product_id": "python38-docutils-0:0.14-12.4.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python38-docutils@0.14-12.4.el8ev?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-runner-0:2.1.3-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch"
},
"product_reference": "ansible-runner-0:2.1.3-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-runner-0:2.1.3-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src"
},
"product_reference": "ansible-runner-0:2.1.3-1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-sshd-1:2.8.0-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch"
},
"product_reference": "apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-sshd-1:2.8.0-0.1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src"
},
"product_reference": "apache-sshd-1:2.8.0-0.1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch"
},
"product_reference": "apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "engine-db-query-0:1.6.4-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch"
},
"product_reference": "engine-db-query-0:1.6.4-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "engine-db-query-0:1.6.4-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src"
},
"product_reference": "engine-db-query-0:1.6.4-1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-dependencies-0:4.5.1-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch"
},
"product_reference": "ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-dependencies-0:4.5.1-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src"
},
"product_reference": "ovirt-dependencies-0:4.5.1-1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-0:4.5.0.7-0.9.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src"
},
"product_reference": "ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch"
},
"product_reference": "ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-dwh-0:4.5.2-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src"
},
"product_reference": "ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch"
},
"product_reference": "ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch"
},
"product_reference": "ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch"
},
"product_reference": "ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-metrics-0:1.6.0-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src"
},
"product_reference": "ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch"
},
"product_reference": "ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src"
},
"product_reference": "ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-log-collector-0:4.4.5-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch"
},
"product_reference": "ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-log-collector-0:4.4.5-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src"
},
"product_reference": "ovirt-log-collector-0:4.4.5-1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-web-ui-0:1.8.1-2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch"
},
"product_reference": "ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-web-ui-0:1.8.1-2.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src"
},
"product_reference": "ovirt-web-ui-0:1.8.1-2.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-ansible-runner-0:2.1.3-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch"
},
"product_reference": "python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-docutils-0:0.14-12.4.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch"
},
"product_reference": "python38-docutils-0:0.14-12.4.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch"
},
"product_reference": "rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src"
},
"product_reference": "rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhvm-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "rhvm-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch"
},
"product_reference": "rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhvm-branding-rhv-0:4.4.11-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src"
},
"product_reference": "rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch"
},
"product_reference": "rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhvm-setup-plugins-0:4.5.0-2.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src"
},
"product_reference": "rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch"
},
"product_reference": "vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src"
},
"product_reference": "vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
},
"product_reference": "vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-3807",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-09-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2007557"
}
],
"notes": [
{
"category": "description",
"text": "A regular expression denial of service (ReDoS) vulnerability was found in nodejs-ansi-regex. This could possibly cause an application using ansi-regex to use an excessive amount of CPU time when matching crafted ANSI escape codes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw requires crafted invalid ANSI escape codes in order to be exploited and only allows for denial of service of applications on the client side, hence the impact has been rated as Moderate.\n\nIn Red Hat Virtualization and Red Hat Quay some components use a vulnerable version of ansi-regex. However, all frontend code is executed on the client side. As the maximum impact of this vulnerability is denial of service in the client, the vulnerability is rated Moderate for those products.\n\nOpenShift Container Platform 4 (OCP) ships affected version of ansi-regex in the ose-metering-hadoop container, however the metering operator is deprecated since 4.6[1]. This issue is not currently planned to be addressed in future updates and hence hadoop container has been marked as \u0027will not fix\u0027.\n\nAdvanced Cluster Management for Kubernetes (RHACM) ships the affected version of ansi-regex in several containers, however the impact of this vulnerability is deemed low as it would result in an authenticated slowing down their own user interface. \n\n[1] https://docs.openshift.com/container-platform/4.6/metering/metering-about-metering.html",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src"
],
"known_not_affected": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3807"
},
{
"category": "external",
"summary": "RHBZ#2007557",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2007557"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3807",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3807"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3807",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3807"
},
{
"category": "external",
"summary": "https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994",
"url": "https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994"
}
],
"release_date": "2021-09-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-26T16:25:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:4711"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes"
},
{
"cve": "CVE-2021-23425",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-08-18T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1995793"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs-trim-off-newlines. All versions of package trim-off-newlines are vulnerable to Regular Expression Denial of Service (ReDoS) via string processing. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-trim-off-newlines: ReDoS via string processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Directory Server 11 Web UI requires trim-off-newlines as a dependency, but it is not used in the 389-ds cockpit plugin, and not shipped as part of the RPM binary. Thus Red Hat Directory Server 11 is not affected by this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src"
],
"known_not_affected": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23425"
},
{
"category": "external",
"summary": "RHBZ#1995793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995793"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23425",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23425"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23425",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23425"
},
{
"category": "external",
"summary": "https://snyk.io/vuln/SNYK-JS-TRIMOFFNEWLINES-1296850",
"url": "https://snyk.io/vuln/SNYK-JS-TRIMOFFNEWLINES-1296850"
}
],
"release_date": "2021-05-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-26T16:25:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:4711"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs-trim-off-newlines: ReDoS via string processing"
},
{
"cve": "CVE-2021-33502",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-05-24T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1964461"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in normalize-url. Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-normalize-url: ReDoS for data URLs",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src"
],
"known_not_affected": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-33502"
},
{
"category": "external",
"summary": "RHBZ#1964461",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964461"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-33502",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33502"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33502",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33502"
},
{
"category": "external",
"summary": "https://snyk.io/vuln/SNYK-JS-NORMALIZEURL-1296539",
"url": "https://snyk.io/vuln/SNYK-JS-NORMALIZEURL-1296539"
}
],
"release_date": "2021-05-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-26T16:25:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:4711"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs-normalize-url: ReDoS for data URLs"
},
{
"cve": "CVE-2021-41182",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2021-10-26T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2019144"
}
],
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery-ui: XSS in the altField option of the datepicker widget",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch"
],
"known_not_affected": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-41182"
},
{
"category": "external",
"summary": "RHBZ#2019144",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019144"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-41182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-41182",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41182"
}
],
"release_date": "2021-10-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-26T16:25:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:4711"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery-ui: XSS in the altField option of the datepicker widget"
},
{
"cve": "CVE-2021-41183",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2021-10-26T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2019148"
}
],
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery-ui: XSS in *Text options of the datepicker widget",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch"
],
"known_not_affected": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-41183"
},
{
"category": "external",
"summary": "RHBZ#2019148",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019148"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-41183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-41183",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41183"
}
],
"release_date": "2021-10-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-26T16:25:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:4711"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery-ui: XSS in *Text options of the datepicker widget"
},
{
"cve": "CVE-2021-41184",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2021-10-26T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2019153"
}
],
"notes": [
{
"category": "description",
"text": "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery-ui: XSS in the \u0027of\u0027 option of the .position() util",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch"
],
"known_not_affected": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-41184"
},
{
"category": "external",
"summary": "RHBZ#2019153",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019153"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-41184",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41184"
}
],
"release_date": "2021-10-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-26T16:25:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:4711"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery-ui: XSS in the \u0027of\u0027 option of the .position() util"
}
]
}
OXAS-ADV-2024-0003
Vulnerability from csaf_ox - Published: 2024-04-24 - Updated: 2024-08-19Summary
OX App Suite Security Advisory OXAS-ADV-2024-0003
{
"document": {
"aggregate_severity": {
"text": "MEDIUM"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"lang": "en-US",
"publisher": {
"category": "vendor",
"name": "Open-Xchange GmbH",
"namespace": "https://open-xchange.com/"
},
"references": [
{
"category": "external",
"summary": "Release Notes",
"url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6277_7.10.6_2024-05-06.pdf"
},
{
"category": "self",
"summary": "Canonical CSAF document",
"url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2024/oxas-adv-2024-0003.json"
},
{
"category": "self",
"summary": "Markdown representation",
"url": "https://documentation.open-xchange.com/appsuite/security/advisories/md/2024/oxas-adv-2024-0003.md"
},
{
"category": "self",
"summary": "HTML representation",
"url": "https://documentation.open-xchange.com/appsuite/security/advisories/html/2024/oxas-adv-2024-0003.html"
},
{
"category": "self",
"summary": "Plain-text representation",
"url": "https://documentation.open-xchange.com/appsuite/security/advisories/txt/2024/oxas-adv-2024-0003.txt"
}
],
"title": "OX App Suite Security Advisory OXAS-ADV-2024-0003",
"tracking": {
"current_release_date": "2024-08-19T00:00:00+00:00",
"generator": {
"date": "2024-08-19T07:26:47+00:00",
"engine": {
"name": "OX CSAF",
"version": "1.0.0"
}
},
"id": "OXAS-ADV-2024-0003",
"initial_release_date": "2024-04-24T00:00:00+02:00",
"revision_history": [
{
"date": "2024-04-24T00:00:00+02:00",
"number": "1",
"summary": "Initial release"
},
{
"date": "2024-08-19T00:00:00+00:00",
"number": "2",
"summary": "Public release"
},
{
"date": "2024-08-19T00:00:00+00:00",
"number": "3",
"summary": "Public release"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "7.10.6-rev61",
"product": {
"name": "OX App Suite backend 7.10.6-rev61",
"product_id": "OXAS-BACKEND_7.10.6-rev61",
"product_identification_helper": {
"cpe": "cpe:2.3:a:open-xchange:app_suite:7.10.6:rev61:*:*:*:*:*:*"
}
}
},
{
"category": "product_version",
"name": "8.22",
"product": {
"name": "OX App Suite backend 8.22",
"product_id": "OXAS-BACKEND_8.22",
"product_identification_helper": {
"cpe": "cpe:2.3:a:open-xchange:app_suite:8.22:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version",
"name": "7.10.6-rev62",
"product": {
"name": "OX App Suite backend 7.10.6-rev62",
"product_id": "OXAS-BACKEND_7.10.6-rev62",
"product_identification_helper": {
"cpe": "cpe:2.3:a:open-xchange:app_suite:7.10.6:rev62:*:*:*:*:*:*"
}
}
},
{
"category": "product_version",
"name": "8.23",
"product": {
"name": "OX App Suite backend 8.23",
"product_id": "OXAS-BACKEND_8.23",
"product_identification_helper": {
"cpe": "cpe:2.3:a:open-xchange:app_suite:8.23:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "OX App Suite backend"
},
{
"branches": [
{
"category": "product_version",
"name": "7.10.6-rev42",
"product": {
"name": "OX App Suite frontend 7.10.6-rev42",
"product_id": "OXAS-FRONTEND_7.10.6-rev42",
"product_identification_helper": {
"cpe": "cpe:2.3:a:open-xchange:app_suite:7.10.6:rev42:*:*:*:*:*:*"
}
}
},
{
"category": "product_version",
"name": "7.10.6-rev43",
"product": {
"name": "OX App Suite frontend 7.10.6-rev43",
"product_id": "OXAS-FRONTEND_7.10.6-rev43",
"product_identification_helper": {
"cpe": "cpe:2.3:a:open-xchange:app_suite:7.10.6:rev43:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://documentation.open-xchange.com/appsuite/security/advisories/#urn-parsing",
"uri": "urn:open-xchange:app_suite:patch-id:6277"
}
]
}
}
}
],
"category": "product_name",
"name": "OX App Suite frontend"
}
],
"category": "vendor",
"name": "Open-Xchange GmbH"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-25710",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2024-03-01T16:15:20+01:00",
"ids": [
{
"system_name": "OX Bug",
"text": "MWB-2525"
}
],
"notes": [
{
"category": "description",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) vulnerability in Apache Commons Compress. This issue affects a Apache Commons Compress library shipped with OX App Suite."
}
],
"product_status": {
"first_fixed": [
"OXAS-BACKEND_7.10.6-rev62",
"OXAS-BACKEND_8.23"
],
"last_affected": [
"OXAS-BACKEND_7.10.6-rev61",
"OXAS-BACKEND_8.22"
]
},
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-11T14:13:57+02:00",
"details": "Please deploy the provided updates and patch releases. We have updated the vulnerable library as a precaution to avoid potential exploitation.",
"product_ids": [
"OXAS-BACKEND_7.10.6-rev61",
"OXAS-BACKEND_8.22"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"OXAS-BACKEND_7.10.6-rev61",
"OXAS-BACKEND_8.22"
]
}
],
"threats": [
{
"category": "impact",
"details": "The vulnerability can potentially be exploited through OX App Suite and affect availability of the service."
},
{
"category": "exploit_status",
"details": "No publicly available exploits are known."
}
],
"title": "Apache Commons Compress library is prone to a denial of service (DoS) vulnerability."
},
{
"cve": "CVE-2024-25582",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2024-01-30T08:49:22+01:00",
"ids": [
{
"system_name": "OX Bug",
"text": "OXUIB-2718"
}
],
"notes": [
{
"category": "description",
"text": "Module savepoints could be abused to inject references to malicious code delivered through the same domain."
}
],
"product_status": {
"first_fixed": [
"OXAS-FRONTEND_7.10.6-rev43"
],
"last_affected": [
"OXAS-FRONTEND_7.10.6-rev42"
]
},
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:19:41+02:00",
"details": "Please deploy the provided updates and patch releases. The savepoint module path has been restricted to modules that provide the feature, excluding any arbitrary or non-existing modules.",
"product_ids": [
"OXAS-FRONTEND_7.10.6-rev42"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"OXAS-FRONTEND_7.10.6-rev42"
]
}
],
"threats": [
{
"category": "impact",
"details": "Attackers could perform malicious API requests or extract information from the users account. Exploiting this vulnerability requires temporary access to an account or successful social engineering to make a user follow a prepared link to a malicious account."
},
{
"category": "exploit_status",
"details": "No publicly available exploits are known."
}
],
"title": "XSS using arbitrary relative path to UI module"
},
{
"cve": "CVE-2021-41184",
"cwe": {
"id": "CWE-80",
"name": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
},
"discovery_date": "2024-01-15T14:01:36+01:00",
"ids": [
{
"system_name": "OX Bug",
"text": "OXUIB-2699"
}
],
"notes": [
{
"category": "description",
"text": "JQuery third-party components with known vulnerabilities have been shipped."
}
],
"product_status": {
"first_fixed": [
"OXAS-FRONTEND_7.10.6-rev43"
],
"last_affected": [
"OXAS-FRONTEND_7.10.6-rev42"
]
},
"remediations": [
{
"category": "vendor_fix",
"date": "2024-03-28T15:13:17+01:00",
"details": "Please deploy the provided updates and patch releases. The relevant components have been updated to mitigate potential exploitation.",
"product_ids": [
"OXAS-FRONTEND_7.10.6-rev42"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"OXAS-FRONTEND_7.10.6-rev42"
]
}
],
"threats": [
{
"category": "impact",
"details": "This update serves as a preventive measure since no practical exploitation in the context of OX App Suite is feasible."
},
{
"category": "exploit_status",
"details": "No publicly available exploits are known."
}
],
"title": "Outdated jquery-ui shipped with 7.10.6"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…