Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-0778 (GCVE-0-2022-0778)
Vulnerability from cvelistv5 – Published: 2022-03-15 17:05 – Updated: 2026-05-22 13:28
VLAI
EPSS
Title
Infinite loop in BN_mod_sqrt() reachable when parsing certificates
Summary
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).
Severity
No CVSS data available.
CWE
- Infinite loop
Assigner
References
29 references
Impacted products
Date Public
2022-03-15 00:00
Credits
Tavis Ormandy (Google)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:40:03.765Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.openssl.org/news/secadv/20220315.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a466912611aa6cbdf550cd10601390e587451246"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3118eb64934499d93db3230748a452351d1d9a65"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=380085481c64de749a6dd25cdf0bcf4360b30f83"
},
{
"name": "DSA-5103",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5103"
},
{
"name": "[debian-lts-announce] 20220317 [SECURITY] [DLA 2952-1] openssl security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html"
},
{
"name": "[debian-lts-announce] 20220317 [SECURITY] [DLA 2953-1] openssl1.0 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html"
},
{
"name": "FEDORA-2022-a5f51502f0",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/"
},
{
"name": "FEDORA-2022-9e88b5d8d7",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/"
},
{
"name": "FEDORA-2022-8bb51f6901",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220321-0002/"
},
{
"tags": [
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2022-06"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2022-07"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2022-08"
},
{
"name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/May/33"
},
{
"name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/May/35"
},
{
"name": "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/May/38"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213257"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213256"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213255"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2022-09"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220429-0005/"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf"
},
{
"name": "GLSA-202210-02",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202210-02"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "BFCClient",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Industrial Edge - OPC UA Connector",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.7"
}
]
},
{
"defaultStatus": "unknown",
"product": "Industrial Edge - SIMATIC S7 Connector App",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.7"
}
]
},
{
"defaultStatus": "unknown",
"product": "OpenPCS 7 V8.2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "OpenPCS 7 V9.0",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "OpenPCS 7 V9.1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM CROSSBOW Station Access Controller (SAC)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions only when running on ROX II \u003c V2.15.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RM1224 LTE(4G) EU",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RM1224 LTE(4G) NAM",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.15.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000RE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.15.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1400",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.15.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1500",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.15.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1501",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.15.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1510",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.15.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1511",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.15.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1512",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.15.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1524",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.15.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1536",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.15.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.15.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE LPE9403",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M804PB",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M812-1 ADSL-Router",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M812-1 ADSL-Router",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M816-1 ADSL-Router",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M816-1 ADSL-Router",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M826-2 SHDSL-Router",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M874-2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M874-3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M876-3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M876-3 (ROK)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M876-4",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M876-4 (EU)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M876-4 (NAM)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE MUM853-1 (EU)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE MUM856-1 (EU)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE MUM856-1 (RoW)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE S615 EEC LAN-Router",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE S615 LAN-Router",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE SC622-2C",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.3.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE SC632-2C",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.3.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE SC636-2C",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.3.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE SC642-2C",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.3.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE SC646-2C",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.3.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W1748-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W1748-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W1750D (JP)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.7.1.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W1750D (ROW)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.7.1.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W1750D (USA)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.7.1.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W1788-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W1788-2 EEC M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W1788-2 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W1788-2IA M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W721-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W721-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W721-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W721-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W722-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W722-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W722-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W722-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W722-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W722-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W734-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W734-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W734-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W734-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W734-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W734-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W734-1 RJ45 (USA)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W734-1 RJ45 (USA)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W738-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W738-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W738-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W738-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W748-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W748-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W748-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W748-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W748-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W748-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W748-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W748-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W761-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W761-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W761-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W761-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W774-1 M12 EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W774-1 M12 EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W774-1 M12 EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W774-1 M12 EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W774-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W774-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W774-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W774-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W774-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W774-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W774-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W774-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W774-1 RJ45 (USA)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W774-1 RJ45 (USA)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W778-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W778-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W778-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W778-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W778-1 M12 EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W778-1 M12 EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W778-1 M12 EEC (USA)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W778-1 M12 EEC (USA)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-2 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-2 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-2 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-2 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-2 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-2 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-2 SFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-2 SFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-2 SFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-2 SFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-2IA RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-2IA RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-2IA RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-2IA RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-2 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-2 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-2 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-2 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-2 M12 EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-2 M12 EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-2 M12 EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-2 M12 EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-2 M12 EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-2 M12 EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-2 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-2 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-2 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-2 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-2 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-2 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAM763-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAM766-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAM766-1 (US)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAM766-1 EEC",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAM766-1 EEC (US)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WUM763-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WUM763-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WUM766-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WUM766-1 (USA)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X200-4P IRT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X201-3P IRT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X201-3P IRT PRO",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X202-2IRT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X202-2IRT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X202-2P IRT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X202-2P IRT PRO",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204-2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204-2FM",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204-2LD",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204-2LD TS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204-2TS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204IRT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204IRT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204IRT PRO",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X206-1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X206-1LD",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X208",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X208PRO",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X212-2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X212-2LD",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X216",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X224",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X302-7 EEC (230V, coated)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X302-7 EEC (230V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X302-7 EEC (24V, coated)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X302-7 EEC (24V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X302-7 EEC (2x 230V, coated)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X302-7 EEC (2x 230V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X302-7 EEC (2x 24V, coated)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X302-7 EEC (2x 24V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X304-2FE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X306-1LD FE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X307-2 EEC (230V, coated)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X307-2 EEC (230V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X307-2 EEC (24V, coated)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X307-2 EEC (24V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X307-2 EEC (2x 230V, coated)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X307-2 EEC (2x 230V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X307-2 EEC (2x 24V, coated)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X307-2 EEC (2x 24V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X307-3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X307-3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X307-3LD",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X307-3LD",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2 RD (inkl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2LD",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2LD",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2LH",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2LH",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2LH+",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2LH+",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2M",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2M",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2M PoE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2M PoE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2M TS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2M TS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X310",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X310",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X310FE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X310FE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X320-1 FE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X320-1-2LD FE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X408-2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB205-3 (SC, PN)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB205-3 (ST, E/IP)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB205-3 (ST, E/IP)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB205-3 (ST, PN)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB205-3LD (SC, E/IP)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB205-3LD (SC, PN)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB208 (E/IP)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB208 (PN)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB213-3 (SC, E/IP)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB213-3 (SC, PN)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB213-3 (ST, E/IP)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB213-3 (ST, PN)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB213-3LD (SC, E/IP)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB213-3LD (SC, PN)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB216 (E/IP)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB216 (PN)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC206-2 (SC)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC206-2 (ST/BFOC)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC206-2G PoE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC206-2G PoE (54 V DC)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC206-2G PoE EEC (54 V DC)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC206-2SFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC206-2SFP EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC206-2SFP G",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC206-2SFP G (EIP DEF.)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC206-2SFP G EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC208",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC208EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC208G",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC208G (EIP def.)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC208G EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC208G PoE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC208G PoE (54 V DC)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC216",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC216-3G PoE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC216-3G PoE (54 V DC)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC216-4C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC216-4C G",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC216-4C G (EIP Def.)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC216-4C G EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC216EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC224",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC224-4C G",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC224-4C G (EIP Def.)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC224-4C G EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF201-3P IRT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF202-2P IRT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF204",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF204",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF204 DNA",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF204-2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF204-2BA",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF204-2BA DNA",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF204-2BA IRT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF204IRT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF206-1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF208",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XM408-4C",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XM408-4C (L3 int.)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XM408-8C",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XM408-8C (L3 int.)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XM416-4C",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XM416-4C (L3 int.)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XP208",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XP208 (Ethernet/IP)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XP208EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XP208PoE EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XP216",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XP216 (Ethernet/IP)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XP216EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XP216POE EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-12M (230V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-12M (230V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-12M (230V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-12M (230V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-12M (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-12M (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-12M (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-12M (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-12M TS (24V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-12M TS (24V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M PoE (230V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M PoE (230V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M PoE (230V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M PoE (230V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M PoE (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M PoE (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M PoE (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M PoE (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M PoE TS (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M PoE TS (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324WG (24 x FE, AC 230V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324WG (24 X FE, DC 24V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR326-2C PoE WG",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR326-2C PoE WG (without UL)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR328-4C WG (24XFE, 4XGE, 24V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR328-4C WG (24xFE,4xGE,AC230V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR328-4C WG (24xFE,4xGE,AC230V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR328-4C WG (28xGE, AC 230V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR328-4C WG (28xGE, DC 24V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR524-8C, 1x230V",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR524-8C, 1x230V (L3 int.)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR524-8C, 24V",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR524-8C, 24V (L3 int.)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR524-8C, 2x230V",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR524-8C, 2x230V (L3 int.)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR526-8C, 1x230V",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR526-8C, 1x230V (L3 int.)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR526-8C, 24V",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR526-8C, 24V (L3 int.)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR526-8C, 2x230V",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR526-8C, 2x230V (L3 int.)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR528-6M",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR528-6M (2HR2, L3 int.)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR528-6M (2HR2)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR528-6M (L3 int.)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR552-12M",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR552-12M (2HR2, L3 int.)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR552-12M (2HR2)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR552-12M (2HR2)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.5"
}
]
},
{
"defaultStatus": "unknown",
"product": "Security Configuration Tool (SCT)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Cloud Connect 7 CC712",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.9"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Cloud Connect 7 CC716",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.9"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1242-7 V2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.4.29",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1243-1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.4.29",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1243-7 LTE EU",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.4.29",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1243-7 LTE US",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.4.29",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1243-8 IRC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.4.29",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1542SP-1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.2.28",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1543-1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.37",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1543SP-1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.2.28",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1545-1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V1.1.80",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1626",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1628",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 343-1 Advanced",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 443-1 Advanced",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 443-1 OPC UA",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Drive Controller CPU 1504D TF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Drive Controller CPU 1507D TF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP CPU 1510SP F-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP CPU 1510SP F-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP CPU 1510SP-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP CPU 1510SP-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP CPU 1512SP F-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP CPU 1512SP F-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP CPU 1512SP-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP CPU 1512SP-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V21.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC HMI Unified Comfort Panels family",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V18"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Logon V1.6",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V1.6 Upd6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC MV540 H",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC MV540 S",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.3"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC MV550 H",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.3"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC MV550 S",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.3"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC MV560 U",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.3"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC MV560 X",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.3"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC NET PC Software V14",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC NET PC Software V15",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC NET PC Software V16",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V16 Update 6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC NET PC Software V17",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V17 SP1 Update 1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC PCS 7 TeleControl",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.1 Update 1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC PCS 7 V8.2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC PCS 7 V9.0",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC PCS 7 V9.1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.1 SP2 UC04",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC PCS neo (Administration Console)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC PDM",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.2 SP2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Process Historian OPC UA Server",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2020 SP1 Update 1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF166C",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.0.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF185C",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.0.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF186C",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.0.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF186CI",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.0.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF188C",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.0.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF188CI",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.0.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF360R",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.0.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF610R",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.0.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF615R",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.0.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF650R",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.0.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF680R",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.0.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF685R",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.0.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1200 CPU 1211C AC/DC/Rly",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1200 CPU 1211C DC/DC/DC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1200 CPU 1211C DC/DC/Rly",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1200 CPU 1212C AC/DC/Rly",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1200 CPU 1212C DC/DC/DC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1200 CPU 1212C DC/DC/Rly",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1200 CPU 1212FC DC/DC/DC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1200 CPU 1212FC DC/DC/Rly",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1200 CPU 1214C AC/DC/Rly",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1200 CPU 1214C DC/DC/DC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1200 CPU 1214C DC/DC/Rly",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1200 CPU 1214FC DC/DC/DC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1200 CPU 1214FC DC/DC/Rly",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1200 CPU 1215C AC/DC/Rly",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1200 CPU 1215C DC/DC/DC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1200 CPU 1215C DC/DC/Rly",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1200 CPU 1215FC DC/DC/DC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1200 CPU 1215FC DC/DC/Rly",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1200 CPU 1217C DC/DC/DC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1511-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1511-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1511-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1511C-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1511C-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1511F-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1511F-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1511F-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1511T-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1511TF-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1512C-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1512C-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1513-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1513-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1513-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1513F-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1513F-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1513F-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1513R-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1515-2 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1515-2 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1515-2 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1515F-2 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1515F-2 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1515F-2 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1515R-2 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1515T-2 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1515TF-2 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1516-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1516-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1516-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1516F-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1516F-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1516F-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1516T-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1516TF-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1517-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1517F-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1517H-3 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1517T-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1517TF-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518HF-4 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518T-4 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518TF-4 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 Software Controller V2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V21.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-PLCSIM Advanced",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC STEP 7 V15.1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC STEP 7 V16",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC STEP 7 V17",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V17 Update 5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC STEP 7 V5",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.7 HF4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinCC Unified (TIA Portal)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V17 Update 5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinCC V15.1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinCC V16",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinCC V17",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V17 Update 5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinCC V7.3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinCC V7.4",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.4 SP1 Update 22",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinCC V7.5",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.5 SP2 Update 16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMOCODE ES V15.1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMOCODE ES V16",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMOCODE ES V17",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V17 Update 5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMOTION",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.5.1",
"status": "affected",
"version": "V5.1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMOTION SCOUT TIA V5.3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMOTION SCOUT TIA V5.4",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS DCC V15.1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS DCC V16",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS Startdrive V15.1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS Startdrive V16",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS Startdrive V17",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAUT Software ST7sc",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAUT ST7CC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINEC INS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V1.0 SP2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINEC NMS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V1.0 SP3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINEMA Remote Connect Server",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP CP 1543SP-1 ISEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.2.28",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.2.28",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP CPU 1510SP F-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP CPU 1510SP F-1 PN RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP CPU 1510SP-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP CPU 1510SP-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP CPU 1510SP-1 PN RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP CPU 1510SP-1 PN RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP CPU 1512SP F-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP CPU 1512SP F-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP CPU 1512SP F-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP CPU 1512SP-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP CPU 1512SP-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP CPU 1512SP-1 PN RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP CPU 1512SP-1 PN RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS NET CP 1242-7 V2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.4.29",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS NET CP 1543-1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.37",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS NET CP 343-1 Advanced",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS NET CP 443-1 Advanced",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS NET SCALANCE X202-2P IRT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS NET SCALANCE XC206-2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS NET SCALANCE XC206-2SFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS NET SCALANCE XC208",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS NET SCALANCE XC216-4C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CP 1243-1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.4.29",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CP 1243-1 RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.4.29",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1212 AC/DC/RLY",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1212 DC/DC/RLY",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1212 DC/DC/RLY",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1212C AC/DC/RLY",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1212C DC/DC/DC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1212C DC/DC/DC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1212C DC/DC/DC RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1214 AC/DC/RLY",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1214 DC/DC/RLY",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1214C AC/DC/RLY",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1214C AC/DC/RLY",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1214C DC/DC/DC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1214C DC/DC/DC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1214C DC/DC/DC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1214C DC/DC/DC RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1214C DC/DC/RLY",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1214C DC/DC/RLY",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1214FC DC/DC/DC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1214FC DC/DC/RLY",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1215 AC/DC/RLY",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1215 AC/DC/RLY",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1215 DC/DC/DC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1215 DC/DC/DC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1215 DC/DC/RLY",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1215 DC/DC/RLY",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1215 DC/DC/RLY",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1215C AC/DC/RLY",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1215C DC/DC/DC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1215FC DC/DC/DC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1511-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1511-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1511-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1511-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1511-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1511-1 PN TX RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1511-1 PN TX RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1511F-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1511F-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1511F-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1513-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1513-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1513-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1513-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1513-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1513F-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1513F-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1513F-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1515F-2 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1515F-2 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1515F-2 PN RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1515F-2 PN T2 RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1515R-2 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1515R-2 PN TX RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1516-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1516-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1516-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1516-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1516-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1516-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1516-3 PN/DP RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1516-3 PN/DP TX RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1516F-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1516F-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1516F-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1517H-3 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1518-4 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1518F-4 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1518HF-4 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS TIM 1531 IRC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.4.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIRIUS Safety ES V17 (TIA Portal)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V17 Update 5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIRIUS Soft Starter ES V15.1 (TIA Portal)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIRIUS Soft Starter ES V16 (TIA Portal)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIRIUS Soft Starter ES V17 (TIA Portal)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V17 Update 5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "TeleControl Server Basic V3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "TIA Administrator",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V1.0.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "TIA Portal Cloud V16",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "TIA Portal Cloud V17",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "TIM 1531 IRC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.4.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.5",
"status": "affected",
"version": "V3.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.5",
"status": "affected",
"version": "V3.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.5",
"status": "affected",
"version": "V3.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.5",
"status": "affected",
"version": "V3.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.5",
"status": "affected",
"version": "V3.1.0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T08:58:00.706Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-712929.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-398330.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-108696.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-028723.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-019200.html"
}
],
"x_adpType": "supplier"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-0778",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-22T13:27:14.476267Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-22T13:28:08.544Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"status": "affected",
"version": "Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1)"
},
{
"status": "affected",
"version": "Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m)"
},
{
"status": "affected",
"version": "Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc)"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Tavis Ormandy (Google)"
}
],
"datePublic": "2022-03-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc)."
}
],
"metrics": [
{
"other": {
"content": {
"lang": "eng",
"url": "https://www.openssl.org/policies/secpolicy.html#High",
"value": "High"
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Infinite loop",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T19:07:01.186Z",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"url": "https://www.openssl.org/news/secadv/20220315.txt"
},
{
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a466912611aa6cbdf550cd10601390e587451246"
},
{
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3118eb64934499d93db3230748a452351d1d9a65"
},
{
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=380085481c64de749a6dd25cdf0bcf4360b30f83"
},
{
"name": "DSA-5103",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5103"
},
{
"name": "[debian-lts-announce] 20220317 [SECURITY] [DLA 2952-1] openssl security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html"
},
{
"name": "[debian-lts-announce] 20220317 [SECURITY] [DLA 2953-1] openssl1.0 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html"
},
{
"name": "FEDORA-2022-a5f51502f0",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/"
},
{
"name": "FEDORA-2022-9e88b5d8d7",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/"
},
{
"name": "FEDORA-2022-8bb51f6901",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG/"
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220321-0002/"
},
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002"
},
{
"url": "https://www.tenable.com/security/tns-2022-06"
},
{
"url": "https://www.tenable.com/security/tns-2022-07"
},
{
"url": "https://www.tenable.com/security/tns-2022-08"
},
{
"name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/May/33"
},
{
"name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/May/35"
},
{
"name": "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/May/38"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"url": "https://support.apple.com/kb/HT213257"
},
{
"url": "https://support.apple.com/kb/HT213256"
},
{
"url": "https://support.apple.com/kb/HT213255"
},
{
"url": "https://www.tenable.com/security/tns-2022-09"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220429-0005/"
},
{
"url": "http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf"
},
{
"name": "GLSA-202210-02",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202210-02"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
],
"title": "Infinite loop in BN_mod_sqrt() reachable when parsing certificates"
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2022-0778",
"datePublished": "2022-03-15T17:05:20.382Z",
"dateReserved": "2022-02-28T00:00:00.000Z",
"dateUpdated": "2026-05-22T13:28:08.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-0778",
"date": "2026-05-30",
"epss": "0.06863",
"percentile": "0.91508"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-0778\",\"sourceIdentifier\":\"openssl-security@openssl.org\",\"published\":\"2022-03-15T17:15:08.513\",\"lastModified\":\"2026-04-14T10:16:21.510\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n BN_mod_sqrt(), que calcula una ra\u00edz cuadrada modular, contiene un error que puede causar un bucle eterno para m\u00f3dulos no primos. Internamente, esta funci\u00f3n es usado cuando son analizados certificados que contienen claves p\u00fablicas de curva el\u00edptica en forma comprimida o par\u00e1metros de curva el\u00edptica expl\u00edcitos con un punto base codificado en forma comprimida. Es posible desencadenar el bucle infinito si es dise\u00f1ado un certificado con par\u00e1metros de curva expl\u00edcitos no v\u00e1lidos. Dado que el an\u00e1lisis del certificado es realizado antes de la verificaci\u00f3n de la firma del certificado, cualquier proceso que analice un certificado suministrado externamente puede ser objeto de un ataque de denegaci\u00f3n de servicio. El bucle infinito tambi\u00e9n puede alcanzarse cuando son analizadas claves privadas dise\u00f1adas, ya que pueden contener par\u00e1metros expl\u00edcitos de la curva el\u00edptica. Por lo tanto, las situaciones vulnerables incluyen: - Clientes TLS que consumen certificados de servidor - Servidores TLS que consumen certificados de cliente - Proveedores de hosting que toman certificados o claves privadas de clientes - Autoridades de certificaci\u00f3n que analizan peticiones de certificaci\u00f3n de suscriptores - Cualquier otra cosa que analice par\u00e1metros de curva el\u00edptica ASN.1 Tambi\u00e9n cualquier otra aplicaci\u00f3n que utilice BN_mod_sqrt() donde el atacante pueda controlar los valores de los par\u00e1metros es vulnerable a este problema de DoS. En OpenSSL versi\u00f3n 1.0.2, la clave p\u00fablica no es analizada durante el an\u00e1lisis inicial del certificado, lo que dificulta ligeramente la activaci\u00f3n del bucle infinito. Sin embargo, cualquier operaci\u00f3n que requiera la clave p\u00fablica del certificado desencadenar\u00e1 el bucle infinito. En particular, el atacante puede usar un certificado autofirmado para desencadenar el bucle durante la verificaci\u00f3n de la firma del certificado. Este problema afecta a OpenSSL versiones 1.0.2, 1.1.1 y 3.0. Fue abordado en las versiones 1.1.1n y 3.0.2 del 15 de marzo de 2022. Corregido en OpenSSL versi\u00f3n 3.0.2 (Afectado 3.0.0,3.0.1). Corregido en OpenSSL versi\u00f3n 1.1.1n (Afectado 1.1.1-1.1.1m). Corregido en OpenSSL versi\u00f3n 1.0.2zd (Afectado 1.0.2-1.0.2zc)\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-835\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0.2\",\"versionEndExcluding\":\"1.0.2zd\",\"matchCriteriaId\":\"F3BC593C-D7BB-42A8-9488-BE910A8C3B68\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.1.0\",\"versionEndExcluding\":\"1.1.1n\",\"matchCriteriaId\":\"16D7B14C-9D04-40AC-9FCE-73D3DF468DB2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.0\",\"versionEndExcluding\":\"3.0.2\",\"matchCriteriaId\":\"E7225F27-E0BC-4716-AF68-8D68EE90F7CE\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:cloud_volumes_ontap_mediator:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"280AA828-6FA9-4260-8EC1-019423B966E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FE996B1-6951-4F85-AA58-B99A379D2163\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62347994-1353-497C-9C4A-D5D8D95F67E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"361B791A-D336-4431-8F68-8135BEFFAEA2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8ADFF451-740F-4DBA-BD23-3881945D3E40\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:a250_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1236B66D-EB11-4324-929F-E2B86683C3C7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:a250:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"281DFC67-46BB-4FC2-BE03-3C65C9311F65\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:500f_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ECF32BB1-9A58-4821-AE49-5D5C8200631F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:500f:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F21DE67F-CDFD-4D36-9967-633CD0240C6F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A930E247-0B43-43CB-98FF-6CE7B8189835\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.15.4\",\"matchCriteriaId\":\"1188273E-D496-41A9-AE16-75C0EB70EFB2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.0.0\",\"versionEndExcluding\":\"10.1.2\",\"matchCriteriaId\":\"644DD241-261E-41A3-86B5-C0834502EA81\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.2.0\",\"versionEndExcluding\":\"10.2.42\",\"matchCriteriaId\":\"49CFE4A3-DDFC-4801-8C68-510EB5CFBC36\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.3.0\",\"versionEndExcluding\":\"10.3.33\",\"matchCriteriaId\":\"F8EB13E9-AFD7-4E82-A471-61201460CAC4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.4.0\",\"versionEndExcluding\":\"10.4.23\",\"matchCriteriaId\":\"3EFE42EF-DB07-4DD4-A40C-6DD6A7D1E6DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.5.0\",\"versionEndExcluding\":\"10.5.14\",\"matchCriteriaId\":\"E3C63CE6-6B86-4C48-8D30-DC74CA83C5EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.6.0\",\"versionEndExcluding\":\"10.6.6\",\"matchCriteriaId\":\"09ADA35C-125F-4970-ACB7-36A9CC3516BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.7.0\",\"versionEndExcluding\":\"10.7.2\",\"matchCriteriaId\":\"E0435104-B0F9-4997-A769-36821689DF45\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*\",\"versionStartIncluding\":\"12.0.0\",\"versionEndIncluding\":\"12.12.0\",\"matchCriteriaId\":\"564ED5C8-50D7-413A-B88E-E62B6C07336A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*\",\"versionStartIncluding\":\"12.13.0\",\"versionEndExcluding\":\"12.22.11\",\"matchCriteriaId\":\"274A9803-2997-4E65-BDB0-8B5C23120CD1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*\",\"versionStartExcluding\":\"14.0.0\",\"versionEndIncluding\":\"14.14.0\",\"matchCriteriaId\":\"05678B4E-5F27-4096-8E9B-38B84A7E7793\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*\",\"versionStartIncluding\":\"14.15.0\",\"versionEndExcluding\":\"14.19.1\",\"matchCriteriaId\":\"CECEE1EE-B2A2-476B-82AE-48DFF6F1729A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*\",\"versionStartExcluding\":\"16.0.0\",\"versionEndIncluding\":\"16.12.0\",\"matchCriteriaId\":\"DC9C8402-7102-4BCF-8A49-CFDF1C59B92F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*\",\"versionStartIncluding\":\"16.13.0\",\"versionEndExcluding\":\"16.14.2\",\"matchCriteriaId\":\"3DF34038-6987-4196-B5E7-FF5656D1EE5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*\",\"versionStartExcluding\":\"17.0.0\",\"versionEndExcluding\":\"17.7.2\",\"matchCriteriaId\":\"0AD8D8BB-702C-4FDF-A0A2-872744B8BF68\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://seclists.org/fulldisclosure/2022/May/33\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2022/May/35\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2022/May/38\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3118eb64934499d93db3230748a452351d1d9a65\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=380085481c64de749a6dd25cdf0bcf4360b30f83\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a466912611aa6cbdf550cd10601390e587451246\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG/\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202210-02\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20220321-0002/\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20220429-0005/\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240621-0006/\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://support.apple.com/kb/HT213255\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT213256\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT213257\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2022/dsa-5103\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.openssl.org/news/secadv/20220315.txt\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2022-06\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2022-07\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2022-08\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2022-09\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://seclists.org/fulldisclosure/2022/May/33\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2022/May/35\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2022/May/38\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3118eb64934499d93db3230748a452351d1d9a65\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=380085481c64de749a6dd25cdf0bcf4360b30f83\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a466912611aa6cbdf550cd10601390e587451246\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202210-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20220321-0002/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20220429-0005/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240621-0006/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/kb/HT213255\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT213256\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT213257\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2022/dsa-5103\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.openssl.org/news/secadv/20220315.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2022-06\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2022-07\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2022-08\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2022-09\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-019200.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-028723.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-108696.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-398330.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-712929.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.openssl.org/news/secadv/20220315.txt\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a466912611aa6cbdf550cd10601390e587451246\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3118eb64934499d93db3230748a452351d1d9a65\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=380085481c64de749a6dd25cdf0bcf4360b30f83\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2022/dsa-5103\", \"name\": \"DSA-5103\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html\", \"name\": \"[debian-lts-announce] 20220317 [SECURITY] [DLA 2952-1] openssl security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html\", \"name\": \"[debian-lts-announce] 20220317 [SECURITY] [DLA 2953-1] openssl1.0 security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/\", \"name\": \"FEDORA-2022-a5f51502f0\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/\", \"name\": \"FEDORA-2022-9e88b5d8d7\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG/\", \"name\": \"FEDORA-2022-8bb51f6901\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2022.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20220321-0002/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.tenable.com/security/tns-2022-06\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.tenable.com/security/tns-2022-07\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.tenable.com/security/tns-2022-08\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2022/May/33\", \"name\": \"20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2022/May/35\", \"name\": \"20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2022/May/38\", \"name\": \"20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2022.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support.apple.com/kb/HT213257\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support.apple.com/kb/HT213256\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support.apple.com/kb/HT213255\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.tenable.com/security/tns-2022-09\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20220429-0005/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/202210-02\", \"name\": \"GLSA-202210-02\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240621-0006/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T23:40:03.765Z\"}}, {\"affected\": [{\"vendor\": \"Siemens\", \"product\": \"BFCClient\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.17\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"Industrial Edge - OPC UA Connector\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V1.7\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"Industrial Edge - SIMATIC S7 Connector App\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V1.7\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"OpenPCS 7 V8.2\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"OpenPCS 7 V9.0\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"OpenPCS 7 V9.1\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM CROSSBOW Station Access Controller (SAC)\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions only when running on ROX II \u003c V2.15.1\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM RM1224 LTE(4G) EU\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V7.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM RM1224 LTE(4G) NAM\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V7.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM ROX MX5000\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.15.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM ROX MX5000RE\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.15.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM ROX RX1400\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.15.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM ROX RX1500\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.15.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM ROX RX1501\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.15.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM ROX RX1510\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.15.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM ROX RX1511\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.15.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM ROX RX1512\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.15.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM ROX RX1524\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.15.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM ROX RX1536\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.15.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM ROX RX5000\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.15.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE LPE9403\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V2.0\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE M804PB\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V7.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE M812-1 ADSL-Router\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V7.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE M812-1 ADSL-Router\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V7.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE M816-1 ADSL-Router\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V7.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE M816-1 ADSL-Router\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V7.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE M826-2 SHDSL-Router\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V7.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE M874-2\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V7.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE M874-3\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V7.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE M876-3\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V7.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE M876-3 (ROK)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V7.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE M876-4\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V7.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE M876-4 (EU)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V7.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE M876-4 (NAM)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V7.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE MUM853-1 (EU)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V7.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE MUM856-1 (EU)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V7.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE MUM856-1 (RoW)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V7.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE S615 EEC LAN-Router\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V7.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE S615 LAN-Router\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V7.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE SC622-2C\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V2.3.1\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE SC632-2C\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V2.3.1\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE SC636-2C\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V2.3.1\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE SC642-2C\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V2.3.1\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE SC646-2C\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V2.3.1\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W1748-1 M12\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W1748-1 M12\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W1750D (JP)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V8.7.1.11\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W1750D (ROW)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V8.7.1.11\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W1750D (USA)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V8.7.1.11\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W1788-1 M12\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W1788-2 EEC M12\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W1788-2 M12\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W1788-2IA M12\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W721-1 RJ45\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W721-1 RJ45\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W721-1 RJ45\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W721-1 RJ45\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W722-1 RJ45\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W722-1 RJ45\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W722-1 RJ45\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W722-1 RJ45\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W722-1 RJ45\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W722-1 RJ45\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W734-1 RJ45\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W734-1 RJ45\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W734-1 RJ45\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W734-1 RJ45\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W734-1 RJ45\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W734-1 RJ45\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W734-1 RJ45 (USA)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W734-1 RJ45 (USA)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W738-1 M12\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W738-1 M12\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W738-1 M12\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W738-1 M12\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W748-1 M12\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W748-1 M12\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W748-1 M12\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W748-1 M12\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W748-1 RJ45\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W748-1 RJ45\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W748-1 RJ45\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W748-1 RJ45\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W761-1 RJ45\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W761-1 RJ45\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W761-1 RJ45\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W761-1 RJ45\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W774-1 M12 EEC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W774-1 M12 EEC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W774-1 M12 EEC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W774-1 M12 EEC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W774-1 RJ45\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W774-1 RJ45\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W774-1 RJ45\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W774-1 RJ45\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W774-1 RJ45\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W774-1 RJ45\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W774-1 RJ45\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W774-1 RJ45\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W774-1 RJ45 (USA)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W774-1 RJ45 (USA)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W778-1 M12\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W778-1 M12\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W778-1 M12\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W778-1 M12\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W778-1 M12 EEC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W778-1 M12 EEC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W778-1 M12 EEC (USA)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W778-1 M12 EEC (USA)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W786-1 RJ45\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W786-1 RJ45\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W786-1 RJ45\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W786-1 RJ45\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W786-2 RJ45\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W786-2 RJ45\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W786-2 RJ45\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W786-2 RJ45\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W786-2 RJ45\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W786-2 RJ45\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W786-2 SFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W786-2 SFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W786-2 SFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W786-2 SFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W786-2IA RJ45\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W786-2IA RJ45\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W786-2IA RJ45\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W786-2IA RJ45\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W788-1 M12\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W788-1 M12\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W788-1 M12\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W788-1 M12\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W788-1 RJ45\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W788-1 RJ45\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W788-1 RJ45\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W788-1 RJ45\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W788-2 M12\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W788-2 M12\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W788-2 M12\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W788-2 M12\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W788-2 M12 EEC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W788-2 M12 EEC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W788-2 M12 EEC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W788-2 M12 EEC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W788-2 M12 EEC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W788-2 M12 EEC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W788-2 RJ45\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W788-2 RJ45\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W788-2 RJ45\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W788-2 RJ45\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W788-2 RJ45\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE W788-2 RJ45\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE WAM763-1\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V2.0\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE WAM766-1\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V2.0\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE WAM766-1 (US)\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V2.0\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE WAM766-1 EEC\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V2.0\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE WAM766-1 EEC (US)\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V2.0\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE WUM763-1\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V2.0\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE WUM763-1\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V2.0\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE WUM766-1\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V2.0\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE WUM766-1 (USA)\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V2.0\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X200-4P IRT\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V5.5.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X201-3P IRT\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V5.5.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X201-3P IRT PRO\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V5.5.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X202-2IRT\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V5.5.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X202-2IRT\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V5.5.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X202-2P IRT\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V5.5.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X202-2P IRT PRO\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V5.5.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X204-2\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X204-2FM\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X204-2LD\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X204-2LD TS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X204-2TS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X204IRT\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V5.5.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X204IRT\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V5.5.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X204IRT PRO\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V5.5.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X206-1\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X206-1LD\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X208\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X208PRO\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X212-2\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X212-2LD\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X216\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X224\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X302-7 EEC (230V, coated)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X302-7 EEC (230V)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X302-7 EEC (24V, coated)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X302-7 EEC (24V)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X302-7 EEC (2x 230V, coated)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X302-7 EEC (2x 230V)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X302-7 EEC (2x 24V, coated)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X302-7 EEC (2x 24V)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X304-2FE\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X306-1LD FE\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X307-2 EEC (230V, coated)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X307-2 EEC (230V)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X307-2 EEC (24V, coated)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X307-2 EEC (24V)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X307-2 EEC (2x 230V, coated)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X307-2 EEC (2x 230V)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X307-2 EEC (2x 24V, coated)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X307-2 EEC (2x 24V)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X307-3\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X307-3\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X307-3LD\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X307-3LD\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X308-2\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X308-2 RD (inkl. SIPLUS variants)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X308-2LD\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X308-2LD\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X308-2LH\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X308-2LH\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X308-2LH+\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X308-2LH+\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X308-2M\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X308-2M\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X308-2M PoE\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X308-2M PoE\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X308-2M TS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X308-2M TS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X310\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X310\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X310FE\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X310FE\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X320-1 FE\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X320-1-2LD FE\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X408-2\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XB205-3 (SC, PN)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XB205-3 (ST, E/IP)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XB205-3 (ST, E/IP)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XB205-3 (ST, PN)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XB205-3LD (SC, E/IP)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XB205-3LD (SC, PN)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XB208 (E/IP)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XB208 (PN)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XB213-3 (SC, E/IP)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XB213-3 (SC, PN)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XB213-3 (ST, E/IP)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XB213-3 (ST, PN)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XB213-3LD (SC, E/IP)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XB213-3LD (SC, PN)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XB216 (E/IP)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XB216 (PN)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XC206-2 (SC)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XC206-2 (ST/BFOC)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XC206-2G PoE\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XC206-2G PoE (54 V DC)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XC206-2G PoE EEC (54 V DC)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XC206-2SFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XC206-2SFP EEC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XC206-2SFP G\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XC206-2SFP G (EIP DEF.)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XC206-2SFP G EEC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XC208\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XC208EEC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XC208G\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XC208G (EIP def.)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XC208G EEC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XC208G PoE\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XC208G PoE (54 V DC)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XC216\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XC216-3G PoE\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XC216-3G PoE (54 V DC)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XC216-4C\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XC216-4C G\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XC216-4C G (EIP Def.)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XC216-4C G EEC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XC216EEC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XC224\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XC224-4C G\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XC224-4C G (EIP Def.)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XC224-4C G EEC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XF201-3P IRT\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V5.5.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XF202-2P IRT\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V5.5.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XF204\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XF204\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XF204 DNA\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XF204-2\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XF204-2BA\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XF204-2BA DNA\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XF204-2BA IRT\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V5.5.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XF204IRT\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V5.5.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XF206-1\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XF208\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XM408-4C\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V6.5\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XM408-4C (L3 int.)\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V6.5\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XM408-8C\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V6.5\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XM408-8C (L3 int.)\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V6.5\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XM416-4C\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V6.5\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XM416-4C (L3 int.)\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V6.5\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XP208\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XP208 (Ethernet/IP)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XP208EEC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XP208PoE EEC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XP216\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XP216 (Ethernet/IP)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XP216EEC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XP216POE EEC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-12M (230V, ports on front)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-12M (230V, ports on front)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-12M (230V, ports on rear)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-12M (230V, ports on rear)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-12M (24V, ports on front)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-12M (24V, ports on front)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-12M (24V, ports on rear)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-12M (24V, ports on rear)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-12M TS (24V)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-12M TS (24V)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M EEC (24V, ports on front)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M EEC (24V, ports on front)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M EEC (24V, ports on rear)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M EEC (24V, ports on rear)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M EEC (2x 24V, ports on front)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M EEC (2x 24V, ports on front)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M EEC (2x 24V, ports on rear)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M EEC (2x 24V, ports on rear)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M PoE (230V, ports on front)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M PoE (230V, ports on front)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M PoE (230V, ports on rear)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M PoE (230V, ports on rear)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M PoE (24V, ports on front)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M PoE (24V, ports on front)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M PoE (24V, ports on rear)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M PoE (24V, ports on rear)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M PoE TS (24V, ports on front)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M PoE TS (24V, ports on front)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324WG (24 x FE, AC 230V)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324WG (24 X FE, DC 24V)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR326-2C PoE WG\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR326-2C PoE WG (without UL)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR328-4C WG (24XFE, 4XGE, 24V)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR328-4C WG (24xFE,4xGE,AC230V)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR328-4C WG (24xFE,4xGE,AC230V)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR328-4C WG (28xGE, AC 230V)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR328-4C WG (28xGE, DC 24V)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR524-8C, 1x230V\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V6.5\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR524-8C, 1x230V (L3 int.)\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V6.5\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR524-8C, 24V\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V6.5\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR524-8C, 24V (L3 int.)\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V6.5\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR524-8C, 2x230V\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V6.5\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR524-8C, 2x230V (L3 int.)\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V6.5\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR526-8C, 1x230V\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V6.5\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR526-8C, 1x230V (L3 int.)\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V6.5\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR526-8C, 24V\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V6.5\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR526-8C, 24V (L3 int.)\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V6.5\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR526-8C, 2x230V\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V6.5\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR526-8C, 2x230V (L3 int.)\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V6.5\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR528-6M\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V6.5\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR528-6M (2HR2, L3 int.)\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V6.5\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR528-6M (2HR2)\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V6.5\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR528-6M (L3 int.)\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V6.5\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR552-12M\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V6.5\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR552-12M (2HR2, L3 int.)\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V6.5\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR552-12M (2HR2)\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V6.5\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR552-12M (2HR2)\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V6.5\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"Security Configuration Tool (SCT)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC Cloud Connect 7 CC712\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V1.9\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC Cloud Connect 7 CC716\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V1.9\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC CP 1242-7 V2\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.4.29\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC CP 1243-1\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.4.29\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC CP 1243-7 LTE EU\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.4.29\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC CP 1243-7 LTE US\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.4.29\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC CP 1243-8 IRC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.4.29\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC CP 1542SP-1\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.2.28\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC CP 1543-1\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.0.37\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC CP 1543SP-1\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.2.28\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC CP 1545-1\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V1.1.80\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC CP 1626\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC CP 1628\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC CP 343-1 Advanced\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC CP 443-1 Advanced\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.3.11\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC CP 443-1 OPC UA\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC Drive Controller CPU 1504D TF\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC Drive Controller CPU 1507D TF\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC ET 200SP CPU 1510SP F-1 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC ET 200SP CPU 1510SP F-1 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC ET 200SP CPU 1510SP-1 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC ET 200SP CPU 1510SP-1 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC ET 200SP CPU 1512SP F-1 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC ET 200SP CPU 1512SP F-1 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC ET 200SP CPU 1512SP-1 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC ET 200SP CPU 1512SP-1 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V21.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC HMI Unified Comfort Panels family\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V18\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC Logon V1.6\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V1.6 Upd6\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC MV540 H\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC MV540 S\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V3.3\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC MV550 H\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V3.3\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC MV550 S\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V3.3\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC MV560 U\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V3.3\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC MV560 X\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V3.3\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC NET PC Software V14\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC NET PC Software V15\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC NET PC Software V16\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V16 Update 6\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC NET PC Software V17\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V17 SP1 Update 1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC PCS 7 TeleControl\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V9.1 Update 1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC PCS 7 V8.2\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC PCS 7 V9.0\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC PCS 7 V9.1\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V9.1 SP2 UC04\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC PCS neo (Administration Console)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC PDM\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V9.2 SP2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC Process Historian OPC UA Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2020 SP1 Update 1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC RF166C\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V2.0.1\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC RF185C\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V2.0.1\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC RF186C\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V2.0.1\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC RF186CI\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V2.0.1\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC RF188C\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V2.0.1\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC RF188CI\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V2.0.1\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC RF360R\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V2.0.1\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC RF610R\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V4.0.1\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC RF615R\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V4.0.1\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC RF650R\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V4.0.1\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC RF680R\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V4.0.1\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC RF685R\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V4.0.1\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1200 CPU 1211C AC/DC/Rly\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1200 CPU 1211C DC/DC/DC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1200 CPU 1211C DC/DC/Rly\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1200 CPU 1212C AC/DC/Rly\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1200 CPU 1212C DC/DC/DC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1200 CPU 1212C DC/DC/Rly\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1200 CPU 1212FC DC/DC/DC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1200 CPU 1212FC DC/DC/Rly\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1200 CPU 1214C AC/DC/Rly\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1200 CPU 1214C DC/DC/DC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1200 CPU 1214C DC/DC/Rly\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1200 CPU 1214FC DC/DC/DC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1200 CPU 1214FC DC/DC/Rly\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1200 CPU 1215C AC/DC/Rly\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1200 CPU 1215C DC/DC/DC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1200 CPU 1215C DC/DC/Rly\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1200 CPU 1215FC DC/DC/DC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1200 CPU 1215FC DC/DC/Rly\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1200 CPU 1217C DC/DC/DC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1511-1 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1511-1 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1511-1 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1511C-1 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1511C-1 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1511F-1 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1511F-1 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1511F-1 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1511T-1 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1511TF-1 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1512C-1 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1512C-1 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1513-1 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1513-1 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1513-1 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1513F-1 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1513F-1 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1513F-1 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1513R-1 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1515-2 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1515-2 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1515-2 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1515F-2 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1515F-2 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1515F-2 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1515R-2 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1515T-2 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1515TF-2 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1516-3 PN/DP\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1516-3 PN/DP\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1516-3 PN/DP\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1516F-3 PN/DP\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1516F-3 PN/DP\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1516F-3 PN/DP\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1516T-3 PN/DP\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.0.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1516TF-3 PN/DP\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.0.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1517-3 PN/DP\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.0.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1517F-3 PN/DP\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.0.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1517H-3 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.0.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1517T-3 PN/DP\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.0.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1517TF-3 PN/DP\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.0.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1518-4 PN/DP\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.0.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.0.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1518F-4 PN/DP\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.0.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.0.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1518HF-4 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.0.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1518T-4 PN/DP\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.0.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1518TF-4 PN/DP\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.0.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 Software Controller V2\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V21.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-PLCSIM Advanced\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V5.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC STEP 7 V15.1\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC STEP 7 V16\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC STEP 7 V17\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V17 Update 5\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC STEP 7 V5\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V5.7 HF4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC WinCC Unified (TIA Portal)\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V17 Update 5\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC WinCC V15.1\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC WinCC V16\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC WinCC V17\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V17 Update 5\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC WinCC V7.3\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC WinCC V7.4\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V7.4 SP1 Update 22\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC WinCC V7.5\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V7.5 SP2 Update 16\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMOCODE ES V15.1\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMOCODE ES V16\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMOCODE ES V17\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V17 Update 5\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMOTION\", \"versions\": [{\"status\": \"affected\", \"version\": \"V5.1\", \"lessThan\": \"V5.5.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMOTION SCOUT TIA V5.3\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMOTION SCOUT TIA V5.4\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SINAMICS DCC V15.1\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SINAMICS DCC V16\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SINAMICS Startdrive V15.1\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SINAMICS Startdrive V16\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SINAMICS Startdrive V17\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SINAUT Software ST7sc\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SINAUT ST7CC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SINEC INS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V1.0 SP2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SINEC NMS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V1.0 SP3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SINEMA Remote Connect Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS ET 200SP CP 1543SP-1 ISEC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.2.28\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.2.28\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS ET 200SP CPU 1510SP F-1 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS ET 200SP CPU 1510SP F-1 PN RAIL\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS ET 200SP CPU 1510SP-1 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS ET 200SP CPU 1510SP-1 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS ET 200SP CPU 1510SP-1 PN RAIL\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS ET 200SP CPU 1510SP-1 PN RAIL\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS ET 200SP CPU 1512SP F-1 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS ET 200SP CPU 1512SP F-1 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS ET 200SP CPU 1512SP F-1 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS ET 200SP CPU 1512SP-1 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS ET 200SP CPU 1512SP-1 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS ET 200SP CPU 1512SP-1 PN RAIL\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS ET 200SP CPU 1512SP-1 PN RAIL\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS NET CP 1242-7 V2\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.4.29\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS NET CP 1543-1\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.0.37\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS NET CP 343-1 Advanced\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS NET CP 443-1 Advanced\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.3.11\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS NET SCALANCE X202-2P IRT\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V5.5.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS NET SCALANCE XC206-2\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS NET SCALANCE XC206-2SFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS NET SCALANCE XC208\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS NET SCALANCE XC216-4C\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1200 CP 1243-1\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.4.29\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1200 CP 1243-1 RAIL\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.4.29\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1200 CPU 1212 AC/DC/RLY\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1200 CPU 1212 DC/DC/RLY\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1200 CPU 1212 DC/DC/RLY\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1200 CPU 1212C AC/DC/RLY\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1200 CPU 1212C DC/DC/DC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1200 CPU 1212C DC/DC/DC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1200 CPU 1212C DC/DC/DC RAIL\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1200 CPU 1214 AC/DC/RLY\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1200 CPU 1214 DC/DC/RLY\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1200 CPU 1214C AC/DC/RLY\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1200 CPU 1214C AC/DC/RLY\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1200 CPU 1214C DC/DC/DC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1200 CPU 1214C DC/DC/DC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1200 CPU 1214C DC/DC/DC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1200 CPU 1214C DC/DC/DC RAIL\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1200 CPU 1214C DC/DC/RLY\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1200 CPU 1214C DC/DC/RLY\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1200 CPU 1214FC DC/DC/DC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1200 CPU 1214FC DC/DC/RLY\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1200 CPU 1215 AC/DC/RLY\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1200 CPU 1215 AC/DC/RLY\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1200 CPU 1215 DC/DC/DC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1200 CPU 1215 DC/DC/DC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1200 CPU 1215 DC/DC/RLY\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1200 CPU 1215 DC/DC/RLY\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1200 CPU 1215 DC/DC/RLY\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1200 CPU 1215C AC/DC/RLY\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1200 CPU 1215C DC/DC/DC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1200 CPU 1215FC DC/DC/DC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1500 CPU 1511-1 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1500 CPU 1511-1 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1500 CPU 1511-1 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1500 CPU 1511-1 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1500 CPU 1511-1 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1500 CPU 1511-1 PN TX RAIL\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1500 CPU 1511-1 PN TX RAIL\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1500 CPU 1511F-1 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1500 CPU 1511F-1 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1500 CPU 1511F-1 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1500 CPU 1513-1 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1500 CPU 1513-1 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1500 CPU 1513-1 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1500 CPU 1513-1 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1500 CPU 1513-1 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1500 CPU 1513F-1 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1500 CPU 1513F-1 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1500 CPU 1513F-1 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1500 CPU 1515F-2 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1500 CPU 1515F-2 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1500 CPU 1515F-2 PN RAIL\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1500 CPU 1515F-2 PN T2 RAIL\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1500 CPU 1515R-2 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1500 CPU 1515R-2 PN TX RAIL\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1500 CPU 1516-3 PN/DP\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1500 CPU 1516-3 PN/DP\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1500 CPU 1516-3 PN/DP\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1500 CPU 1516-3 PN/DP\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1500 CPU 1516-3 PN/DP\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1500 CPU 1516-3 PN/DP\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1500 CPU 1516-3 PN/DP RAIL\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1500 CPU 1516-3 PN/DP TX RAIL\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1500 CPU 1516F-3 PN/DP\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1500 CPU 1516F-3 PN/DP\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1500 CPU 1516F-3 PN/DP\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.9.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1500 CPU 1517H-3 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.0.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1500 CPU 1518-4 PN/DP\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.0.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1500 CPU 1518-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.0.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1500 CPU 1518F-4 PN/DP\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.0.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1500 CPU 1518HF-4 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.0.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS TIM 1531 IRC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.4.8\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIRIUS Safety ES V17 (TIA Portal)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V17 Update 5\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIRIUS Soft Starter ES V15.1 (TIA Portal)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIRIUS Soft Starter ES V16 (TIA Portal)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIRIUS Soft Starter ES V17 (TIA Portal)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V17 Update 5\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"TeleControl Server Basic V3\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.1.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"TIA Administrator\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V1.0.8\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"TIA Portal Cloud V16\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"TIA Portal Cloud V17\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"TIM 1531 IRC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.4.8\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.0\", \"lessThan\": \"V3.1.5\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.0\", \"lessThan\": \"V3.1.5\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.0\", \"lessThan\": \"V3.1.5\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.0\", \"lessThan\": \"V3.1.5\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1500 CPU 1518-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.0\", \"lessThan\": \"V3.1.5\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"x_adpType\": \"supplier\", \"references\": [{\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-712929.html\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-398330.html\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-108696.html\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-028723.html\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-019200.html\"}], \"providerMetadata\": {\"orgId\": \"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\", \"shortName\": \"siemens-SADP\", \"dateUpdated\": \"2026-04-14T08:58:00.706Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-0778\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-22T13:27:14.476267Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-835\", \"description\": \"CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-22T13:27:44.600Z\"}}], \"cna\": {\"title\": \"Infinite loop in BN_mod_sqrt() reachable when parsing certificates\", \"credits\": [{\"lang\": \"en\", \"value\": \"Tavis Ormandy (Google)\"}], \"metrics\": [{\"other\": {\"type\": \"unknown\", \"content\": {\"url\": \"https://www.openssl.org/policies/secpolicy.html#High\", \"lang\": \"eng\", \"value\": \"High\"}}}], \"affected\": [{\"vendor\": \"OpenSSL\", \"product\": \"OpenSSL\", \"versions\": [{\"status\": \"affected\", \"version\": \"Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1)\"}, {\"status\": \"affected\", \"version\": \"Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m)\"}, {\"status\": \"affected\", \"version\": \"Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc)\"}]}], \"datePublic\": \"2022-03-15T00:00:00.000Z\", \"references\": [{\"url\": \"https://www.openssl.org/news/secadv/20220315.txt\"}, {\"url\": \"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a466912611aa6cbdf550cd10601390e587451246\"}, {\"url\": \"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3118eb64934499d93db3230748a452351d1d9a65\"}, {\"url\": \"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=380085481c64de749a6dd25cdf0bcf4360b30f83\"}, {\"url\": \"https://www.debian.org/security/2022/dsa-5103\", \"name\": \"DSA-5103\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html\", \"name\": \"[debian-lts-announce] 20220317 [SECURITY] [DLA 2952-1] openssl security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html\", \"name\": \"[debian-lts-announce] 20220317 [SECURITY] [DLA 2953-1] openssl1.0 security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/\", \"name\": \"FEDORA-2022-a5f51502f0\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/\", \"name\": \"FEDORA-2022-9e88b5d8d7\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG/\", \"name\": \"FEDORA-2022-8bb51f6901\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2022.html\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20220321-0002/\"}, {\"url\": \"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002\"}, {\"url\": \"https://www.tenable.com/security/tns-2022-06\"}, {\"url\": \"https://www.tenable.com/security/tns-2022-07\"}, {\"url\": \"https://www.tenable.com/security/tns-2022-08\"}, {\"url\": \"http://seclists.org/fulldisclosure/2022/May/33\", \"name\": \"20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2022/May/35\", \"name\": \"20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2022/May/38\", \"name\": \"20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2022.html\"}, {\"url\": \"https://support.apple.com/kb/HT213257\"}, {\"url\": \"https://support.apple.com/kb/HT213256\"}, {\"url\": \"https://support.apple.com/kb/HT213255\"}, {\"url\": \"https://www.tenable.com/security/tns-2022-09\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20220429-0005/\"}, {\"url\": \"http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf\"}, {\"url\": \"https://security.gentoo.org/glsa/202210-02\", \"name\": \"GLSA-202210-02\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240621-0006/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Infinite loop\"}]}], \"providerMetadata\": {\"orgId\": \"3a12439a-ef3a-4c79-92e6-6081a721f1e5\", \"shortName\": \"openssl\", \"dateUpdated\": \"2024-06-21T19:07:01.186Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2022-0778\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-22T13:28:08.544Z\", \"dateReserved\": \"2022-02-28T00:00:00.000Z\", \"assignerOrgId\": \"3a12439a-ef3a-4c79-92e6-6081a721f1e5\", \"datePublished\": \"2022-03-15T17:05:20.382Z\", \"assignerShortName\": \"openssl\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
SUSE-SU-2022:1461-1
Vulnerability from csaf_suse - Published: 2022-04-28 14:25 - Updated: 2022-04-28 14:25Summary
Security update for nodejs12
Severity
Important
Notes
Title of the patch: Security update for nodejs12
Description of the patch: This update for nodejs12 fixes the following issues:
- CVE-2022-0778: Fixed a infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877).
- CVE-2021-44906: Fixed a prototype pollution in node-minimist (bsc#1198247).
- CVE-2021-44907: Fixed a potential Denial of Service vulnerability in node-qs (bsc#1197283).
- CVE-2022-0235: Fixed an exposure of sensitive information to an unauthorized actor in node-fetch (bsc#1194819).
Patchnames: SUSE-2022-1461,SUSE-SLE-Module-Web-Scripting-15-SP3-2022-1461,SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1461,SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1461,SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1461,SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1461,SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1461,SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1461,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1461,SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1461,SUSE-Storage-7-2022-1461,openSUSE-SLE-15.3-2022-1461,openSUSE-SLE-15.4-2022-1461
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.6 (Medium)
Affected products
Recommended
102 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7:nodejs12-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:nodejs12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:nodejs12-devel-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:nodejs12-devel-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:nodejs12-docs-12.22.12-150200.4.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:npm12-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:npm12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-devel-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-devel-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-docs-12.22.12-150200.4.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm12-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-docs-12.22.12-150200.4.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-docs-12.22.12-150200.4.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:nodejs12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:nodejs12-devel-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:nodejs12-docs-12.22.12-150200.4.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:npm12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-docs-12.22.12-150200.4.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-devel-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-docs-12.22.12-150200.4.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm12-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:nodejs12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:nodejs12-devel-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:nodejs12-docs-12.22.12-150200.4.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:npm12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:nodejs12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:nodejs12-docs-12.22.12-150200.4.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:npm12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:nodejs12-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:nodejs12-12.22.12-150200.4.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:nodejs12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:nodejs12-docs-12.22.12-150200.4.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:npm12-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:npm12-12.22.12-150200.4.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:npm12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs12-docs-12.22.12-150200.4.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs12-docs-12.22.12-150200.4.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
102 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7:nodejs12-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:nodejs12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:nodejs12-devel-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:nodejs12-devel-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:nodejs12-docs-12.22.12-150200.4.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:npm12-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:npm12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-devel-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-devel-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-docs-12.22.12-150200.4.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm12-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-docs-12.22.12-150200.4.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-docs-12.22.12-150200.4.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:nodejs12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:nodejs12-devel-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:nodejs12-docs-12.22.12-150200.4.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:npm12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-docs-12.22.12-150200.4.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-devel-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-docs-12.22.12-150200.4.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm12-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:nodejs12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:nodejs12-devel-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:nodejs12-docs-12.22.12-150200.4.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:npm12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:nodejs12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:nodejs12-docs-12.22.12-150200.4.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:npm12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:nodejs12-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:nodejs12-12.22.12-150200.4.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:nodejs12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:nodejs12-docs-12.22.12-150200.4.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:npm12-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:npm12-12.22.12-150200.4.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:npm12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs12-docs-12.22.12-150200.4.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs12-docs-12.22.12-150200.4.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
6.1 (Medium)
Affected products
Recommended
102 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7:nodejs12-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:nodejs12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:nodejs12-devel-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:nodejs12-devel-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:nodejs12-docs-12.22.12-150200.4.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:npm12-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:npm12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-devel-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-devel-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-docs-12.22.12-150200.4.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm12-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-docs-12.22.12-150200.4.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-docs-12.22.12-150200.4.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:nodejs12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:nodejs12-devel-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:nodejs12-docs-12.22.12-150200.4.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:npm12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-docs-12.22.12-150200.4.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-devel-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-docs-12.22.12-150200.4.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm12-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:nodejs12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:nodejs12-devel-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:nodejs12-docs-12.22.12-150200.4.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:npm12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:nodejs12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:nodejs12-docs-12.22.12-150200.4.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:npm12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:nodejs12-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:nodejs12-12.22.12-150200.4.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:nodejs12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:nodejs12-docs-12.22.12-150200.4.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:npm12-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:npm12-12.22.12-150200.4.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:npm12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs12-docs-12.22.12-150200.4.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs12-docs-12.22.12-150200.4.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
102 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7:nodejs12-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:nodejs12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:nodejs12-devel-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:nodejs12-devel-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:nodejs12-docs-12.22.12-150200.4.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:npm12-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:npm12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-devel-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-devel-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-docs-12.22.12-150200.4.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm12-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-docs-12.22.12-150200.4.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-docs-12.22.12-150200.4.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:nodejs12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:nodejs12-devel-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:nodejs12-docs-12.22.12-150200.4.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:npm12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-docs-12.22.12-150200.4.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-devel-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-docs-12.22.12-150200.4.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm12-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:nodejs12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:nodejs12-devel-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:nodejs12-docs-12.22.12-150200.4.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:npm12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:nodejs12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:nodejs12-docs-12.22.12-150200.4.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:npm12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:nodejs12-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:nodejs12-12.22.12-150200.4.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:nodejs12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:nodejs12-docs-12.22.12-150200.4.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:npm12-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:npm12-12.22.12-150200.4.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:npm12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs12-docs-12.22.12-150200.4.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs12-docs-12.22.12-150200.4.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
28 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for nodejs12",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for nodejs12 fixes the following issues:\n\t\n- CVE-2022-0778: Fixed a infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877).\n- CVE-2021-44906: Fixed a prototype pollution in node-minimist (bsc#1198247).\n- CVE-2021-44907: Fixed a potential Denial of Service vulnerability in node-qs (bsc#1197283).\n- CVE-2022-0235: Fixed an exposure of sensitive information to an unauthorized actor in node-fetch (bsc#1194819).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-1461,SUSE-SLE-Module-Web-Scripting-15-SP3-2022-1461,SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1461,SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1461,SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1461,SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1461,SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1461,SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1461,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1461,SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1461,SUSE-Storage-7-2022-1461,openSUSE-SLE-15.3-2022-1461,openSUSE-SLE-15.4-2022-1461",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_1461-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:1461-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20221461-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:1461-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-April/010865.html"
},
{
"category": "self",
"summary": "SUSE Bug 1194819",
"url": "https://bugzilla.suse.com/1194819"
},
{
"category": "self",
"summary": "SUSE Bug 1196877",
"url": "https://bugzilla.suse.com/1196877"
},
{
"category": "self",
"summary": "SUSE Bug 1197283",
"url": "https://bugzilla.suse.com/1197283"
},
{
"category": "self",
"summary": "SUSE Bug 1198247",
"url": "https://bugzilla.suse.com/1198247"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-44906 page",
"url": "https://www.suse.com/security/cve/CVE-2021-44906/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-44907 page",
"url": "https://www.suse.com/security/cve/CVE-2021-44907/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0235 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0235/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0778 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0778/"
}
],
"title": "Security update for nodejs12",
"tracking": {
"current_release_date": "2022-04-28T14:25:18Z",
"generator": {
"date": "2022-04-28T14:25:18Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:1461-1",
"initial_release_date": "2022-04-28T14:25:18Z",
"revision_history": [
{
"date": "2022-04-28T14:25:18Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "nodejs12-12.22.12-150200.4.32.1.aarch64",
"product": {
"name": "nodejs12-12.22.12-150200.4.32.1.aarch64",
"product_id": "nodejs12-12.22.12-150200.4.32.1.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"product": {
"name": "nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"product_id": "nodejs12-devel-12.22.12-150200.4.32.1.aarch64"
}
},
{
"category": "product_version",
"name": "npm12-12.22.12-150200.4.32.1.aarch64",
"product": {
"name": "npm12-12.22.12-150200.4.32.1.aarch64",
"product_id": "npm12-12.22.12-150200.4.32.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs12-12.22.12-150200.4.32.1.i586",
"product": {
"name": "nodejs12-12.22.12-150200.4.32.1.i586",
"product_id": "nodejs12-12.22.12-150200.4.32.1.i586"
}
},
{
"category": "product_version",
"name": "nodejs12-devel-12.22.12-150200.4.32.1.i586",
"product": {
"name": "nodejs12-devel-12.22.12-150200.4.32.1.i586",
"product_id": "nodejs12-devel-12.22.12-150200.4.32.1.i586"
}
},
{
"category": "product_version",
"name": "npm12-12.22.12-150200.4.32.1.i586",
"product": {
"name": "npm12-12.22.12-150200.4.32.1.i586",
"product_id": "npm12-12.22.12-150200.4.32.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"product": {
"name": "nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"product_id": "nodejs12-docs-12.22.12-150200.4.32.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs12-12.22.12-150200.4.32.1.ppc64le",
"product": {
"name": "nodejs12-12.22.12-150200.4.32.1.ppc64le",
"product_id": "nodejs12-12.22.12-150200.4.32.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"product": {
"name": "nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"product_id": "nodejs12-devel-12.22.12-150200.4.32.1.ppc64le"
}
},
{
"category": "product_version",
"name": "npm12-12.22.12-150200.4.32.1.ppc64le",
"product": {
"name": "npm12-12.22.12-150200.4.32.1.ppc64le",
"product_id": "npm12-12.22.12-150200.4.32.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs12-12.22.12-150200.4.32.1.s390x",
"product": {
"name": "nodejs12-12.22.12-150200.4.32.1.s390x",
"product_id": "nodejs12-12.22.12-150200.4.32.1.s390x"
}
},
{
"category": "product_version",
"name": "nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"product": {
"name": "nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"product_id": "nodejs12-devel-12.22.12-150200.4.32.1.s390x"
}
},
{
"category": "product_version",
"name": "npm12-12.22.12-150200.4.32.1.s390x",
"product": {
"name": "npm12-12.22.12-150200.4.32.1.s390x",
"product_id": "npm12-12.22.12-150200.4.32.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs12-12.22.12-150200.4.32.1.x86_64",
"product": {
"name": "nodejs12-12.22.12-150200.4.32.1.x86_64",
"product_id": "nodejs12-12.22.12-150200.4.32.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"product": {
"name": "nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"product_id": "nodejs12-devel-12.22.12-150200.4.32.1.x86_64"
}
},
{
"category": "product_version",
"name": "npm12-12.22.12-150200.4.32.1.x86_64",
"product": {
"name": "npm12-12.22.12-150200.4.32.1.x86_64",
"product_id": "npm12-12.22.12-150200.4.32.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-web-scripting:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP2-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP2-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_bcl:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Proxy 4.1",
"product": {
"name": "SUSE Manager Proxy 4.1",
"product_id": "SUSE Manager Proxy 4.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-proxy:4.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Retail Branch Server 4.1",
"product": {
"name": "SUSE Manager Retail Branch Server 4.1",
"product_id": "SUSE Manager Retail Branch Server 4.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-retail-branch-server:4.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server 4.1",
"product": {
"name": "SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:4.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7",
"product": {
"name": "SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-12.22.12-150200.4.32.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.aarch64"
},
"product_reference": "nodejs12-12.22.12-150200.4.32.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-12.22.12-150200.4.32.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.ppc64le"
},
"product_reference": "nodejs12-12.22.12-150200.4.32.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-12.22.12-150200.4.32.1.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.s390x"
},
"product_reference": "nodejs12-12.22.12-150200.4.32.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-12.22.12-150200.4.32.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.x86_64"
},
"product_reference": "nodejs12-12.22.12-150200.4.32.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-devel-12.22.12-150200.4.32.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.aarch64"
},
"product_reference": "nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-devel-12.22.12-150200.4.32.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le"
},
"product_reference": "nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-devel-12.22.12-150200.4.32.1.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.s390x"
},
"product_reference": "nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-devel-12.22.12-150200.4.32.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.x86_64"
},
"product_reference": "nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-docs-12.22.12-150200.4.32.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-docs-12.22.12-150200.4.32.1.noarch"
},
"product_reference": "nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm12-12.22.12-150200.4.32.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.aarch64"
},
"product_reference": "npm12-12.22.12-150200.4.32.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm12-12.22.12-150200.4.32.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.ppc64le"
},
"product_reference": "npm12-12.22.12-150200.4.32.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm12-12.22.12-150200.4.32.1.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.s390x"
},
"product_reference": "npm12-12.22.12-150200.4.32.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm12-12.22.12-150200.4.32.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.x86_64"
},
"product_reference": "npm12-12.22.12-150200.4.32.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-12.22.12-150200.4.32.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-12.22.12-150200.4.32.1.aarch64"
},
"product_reference": "nodejs12-12.22.12-150200.4.32.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-12.22.12-150200.4.32.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-12.22.12-150200.4.32.1.x86_64"
},
"product_reference": "nodejs12-12.22.12-150200.4.32.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-devel-12.22.12-150200.4.32.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-devel-12.22.12-150200.4.32.1.aarch64"
},
"product_reference": "nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-devel-12.22.12-150200.4.32.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-devel-12.22.12-150200.4.32.1.x86_64"
},
"product_reference": "nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-docs-12.22.12-150200.4.32.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-docs-12.22.12-150200.4.32.1.noarch"
},
"product_reference": "nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm12-12.22.12-150200.4.32.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm12-12.22.12-150200.4.32.1.aarch64"
},
"product_reference": "npm12-12.22.12-150200.4.32.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm12-12.22.12-150200.4.32.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm12-12.22.12-150200.4.32.1.x86_64"
},
"product_reference": "npm12-12.22.12-150200.4.32.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-12.22.12-150200.4.32.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.aarch64"
},
"product_reference": "nodejs12-12.22.12-150200.4.32.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-12.22.12-150200.4.32.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.x86_64"
},
"product_reference": "nodejs12-12.22.12-150200.4.32.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-devel-12.22.12-150200.4.32.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.aarch64"
},
"product_reference": "nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-devel-12.22.12-150200.4.32.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.x86_64"
},
"product_reference": "nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-docs-12.22.12-150200.4.32.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-docs-12.22.12-150200.4.32.1.noarch"
},
"product_reference": "nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm12-12.22.12-150200.4.32.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.aarch64"
},
"product_reference": "npm12-12.22.12-150200.4.32.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm12-12.22.12-150200.4.32.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.x86_64"
},
"product_reference": "npm12-12.22.12-150200.4.32.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-12.22.12-150200.4.32.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP2-BCL:nodejs12-12.22.12-150200.4.32.1.x86_64"
},
"product_reference": "nodejs12-12.22.12-150200.4.32.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-devel-12.22.12-150200.4.32.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP2-BCL:nodejs12-devel-12.22.12-150200.4.32.1.x86_64"
},
"product_reference": "nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-docs-12.22.12-150200.4.32.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP2-BCL:nodejs12-docs-12.22.12-150200.4.32.1.noarch"
},
"product_reference": "nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm12-12.22.12-150200.4.32.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP2-BCL:npm12-12.22.12-150200.4.32.1.x86_64"
},
"product_reference": "npm12-12.22.12-150200.4.32.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-12.22.12-150200.4.32.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.aarch64"
},
"product_reference": "nodejs12-12.22.12-150200.4.32.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-12.22.12-150200.4.32.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.ppc64le"
},
"product_reference": "nodejs12-12.22.12-150200.4.32.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-12.22.12-150200.4.32.1.s390x as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.s390x"
},
"product_reference": "nodejs12-12.22.12-150200.4.32.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-12.22.12-150200.4.32.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.x86_64"
},
"product_reference": "nodejs12-12.22.12-150200.4.32.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-devel-12.22.12-150200.4.32.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.aarch64"
},
"product_reference": "nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-devel-12.22.12-150200.4.32.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le"
},
"product_reference": "nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-devel-12.22.12-150200.4.32.1.s390x as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.s390x"
},
"product_reference": "nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-devel-12.22.12-150200.4.32.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.x86_64"
},
"product_reference": "nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-docs-12.22.12-150200.4.32.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-docs-12.22.12-150200.4.32.1.noarch"
},
"product_reference": "nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm12-12.22.12-150200.4.32.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.aarch64"
},
"product_reference": "npm12-12.22.12-150200.4.32.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm12-12.22.12-150200.4.32.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.ppc64le"
},
"product_reference": "npm12-12.22.12-150200.4.32.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm12-12.22.12-150200.4.32.1.s390x as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.s390x"
},
"product_reference": "npm12-12.22.12-150200.4.32.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm12-12.22.12-150200.4.32.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.x86_64"
},
"product_reference": "npm12-12.22.12-150200.4.32.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-12.22.12-150200.4.32.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-12.22.12-150200.4.32.1.ppc64le"
},
"product_reference": "nodejs12-12.22.12-150200.4.32.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-12.22.12-150200.4.32.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-12.22.12-150200.4.32.1.x86_64"
},
"product_reference": "nodejs12-12.22.12-150200.4.32.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-devel-12.22.12-150200.4.32.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le"
},
"product_reference": "nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-devel-12.22.12-150200.4.32.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-devel-12.22.12-150200.4.32.1.x86_64"
},
"product_reference": "nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-docs-12.22.12-150200.4.32.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-docs-12.22.12-150200.4.32.1.noarch"
},
"product_reference": "nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm12-12.22.12-150200.4.32.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm12-12.22.12-150200.4.32.1.ppc64le"
},
"product_reference": "npm12-12.22.12-150200.4.32.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm12-12.22.12-150200.4.32.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm12-12.22.12-150200.4.32.1.x86_64"
},
"product_reference": "npm12-12.22.12-150200.4.32.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-12.22.12-150200.4.32.1.x86_64 as component of SUSE Manager Proxy 4.1",
"product_id": "SUSE Manager Proxy 4.1:nodejs12-12.22.12-150200.4.32.1.x86_64"
},
"product_reference": "nodejs12-12.22.12-150200.4.32.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-devel-12.22.12-150200.4.32.1.x86_64 as component of SUSE Manager Proxy 4.1",
"product_id": "SUSE Manager Proxy 4.1:nodejs12-devel-12.22.12-150200.4.32.1.x86_64"
},
"product_reference": "nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-docs-12.22.12-150200.4.32.1.noarch as component of SUSE Manager Proxy 4.1",
"product_id": "SUSE Manager Proxy 4.1:nodejs12-docs-12.22.12-150200.4.32.1.noarch"
},
"product_reference": "nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"relates_to_product_reference": "SUSE Manager Proxy 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm12-12.22.12-150200.4.32.1.x86_64 as component of SUSE Manager Proxy 4.1",
"product_id": "SUSE Manager Proxy 4.1:npm12-12.22.12-150200.4.32.1.x86_64"
},
"product_reference": "npm12-12.22.12-150200.4.32.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-12.22.12-150200.4.32.1.x86_64 as component of SUSE Manager Retail Branch Server 4.1",
"product_id": "SUSE Manager Retail Branch Server 4.1:nodejs12-12.22.12-150200.4.32.1.x86_64"
},
"product_reference": "nodejs12-12.22.12-150200.4.32.1.x86_64",
"relates_to_product_reference": "SUSE Manager Retail Branch Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-devel-12.22.12-150200.4.32.1.x86_64 as component of SUSE Manager Retail Branch Server 4.1",
"product_id": "SUSE Manager Retail Branch Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.x86_64"
},
"product_reference": "nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"relates_to_product_reference": "SUSE Manager Retail Branch Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-docs-12.22.12-150200.4.32.1.noarch as component of SUSE Manager Retail Branch Server 4.1",
"product_id": "SUSE Manager Retail Branch Server 4.1:nodejs12-docs-12.22.12-150200.4.32.1.noarch"
},
"product_reference": "nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"relates_to_product_reference": "SUSE Manager Retail Branch Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm12-12.22.12-150200.4.32.1.x86_64 as component of SUSE Manager Retail Branch Server 4.1",
"product_id": "SUSE Manager Retail Branch Server 4.1:npm12-12.22.12-150200.4.32.1.x86_64"
},
"product_reference": "npm12-12.22.12-150200.4.32.1.x86_64",
"relates_to_product_reference": "SUSE Manager Retail Branch Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-12.22.12-150200.4.32.1.ppc64le as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:nodejs12-12.22.12-150200.4.32.1.ppc64le"
},
"product_reference": "nodejs12-12.22.12-150200.4.32.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-12.22.12-150200.4.32.1.s390x as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:nodejs12-12.22.12-150200.4.32.1.s390x"
},
"product_reference": "nodejs12-12.22.12-150200.4.32.1.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-12.22.12-150200.4.32.1.x86_64 as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:nodejs12-12.22.12-150200.4.32.1.x86_64"
},
"product_reference": "nodejs12-12.22.12-150200.4.32.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-devel-12.22.12-150200.4.32.1.ppc64le as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le"
},
"product_reference": "nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-devel-12.22.12-150200.4.32.1.s390x as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.s390x"
},
"product_reference": "nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-devel-12.22.12-150200.4.32.1.x86_64 as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.x86_64"
},
"product_reference": "nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-docs-12.22.12-150200.4.32.1.noarch as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:nodejs12-docs-12.22.12-150200.4.32.1.noarch"
},
"product_reference": "nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm12-12.22.12-150200.4.32.1.ppc64le as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:npm12-12.22.12-150200.4.32.1.ppc64le"
},
"product_reference": "npm12-12.22.12-150200.4.32.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm12-12.22.12-150200.4.32.1.s390x as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:npm12-12.22.12-150200.4.32.1.s390x"
},
"product_reference": "npm12-12.22.12-150200.4.32.1.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm12-12.22.12-150200.4.32.1.x86_64 as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:npm12-12.22.12-150200.4.32.1.x86_64"
},
"product_reference": "npm12-12.22.12-150200.4.32.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-12.22.12-150200.4.32.1.aarch64 as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:nodejs12-12.22.12-150200.4.32.1.aarch64"
},
"product_reference": "nodejs12-12.22.12-150200.4.32.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-12.22.12-150200.4.32.1.x86_64 as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:nodejs12-12.22.12-150200.4.32.1.x86_64"
},
"product_reference": "nodejs12-12.22.12-150200.4.32.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-devel-12.22.12-150200.4.32.1.aarch64 as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:nodejs12-devel-12.22.12-150200.4.32.1.aarch64"
},
"product_reference": "nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-devel-12.22.12-150200.4.32.1.x86_64 as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:nodejs12-devel-12.22.12-150200.4.32.1.x86_64"
},
"product_reference": "nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-docs-12.22.12-150200.4.32.1.noarch as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:nodejs12-docs-12.22.12-150200.4.32.1.noarch"
},
"product_reference": "nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm12-12.22.12-150200.4.32.1.aarch64 as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:npm12-12.22.12-150200.4.32.1.aarch64"
},
"product_reference": "npm12-12.22.12-150200.4.32.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm12-12.22.12-150200.4.32.1.x86_64 as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:npm12-12.22.12-150200.4.32.1.x86_64"
},
"product_reference": "npm12-12.22.12-150200.4.32.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-12.22.12-150200.4.32.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.aarch64"
},
"product_reference": "nodejs12-12.22.12-150200.4.32.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-12.22.12-150200.4.32.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.ppc64le"
},
"product_reference": "nodejs12-12.22.12-150200.4.32.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-12.22.12-150200.4.32.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.s390x"
},
"product_reference": "nodejs12-12.22.12-150200.4.32.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-12.22.12-150200.4.32.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.x86_64"
},
"product_reference": "nodejs12-12.22.12-150200.4.32.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-devel-12.22.12-150200.4.32.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.aarch64"
},
"product_reference": "nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-devel-12.22.12-150200.4.32.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le"
},
"product_reference": "nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-devel-12.22.12-150200.4.32.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.s390x"
},
"product_reference": "nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-devel-12.22.12-150200.4.32.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.x86_64"
},
"product_reference": "nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-docs-12.22.12-150200.4.32.1.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:nodejs12-docs-12.22.12-150200.4.32.1.noarch"
},
"product_reference": "nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm12-12.22.12-150200.4.32.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.aarch64"
},
"product_reference": "npm12-12.22.12-150200.4.32.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm12-12.22.12-150200.4.32.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.ppc64le"
},
"product_reference": "npm12-12.22.12-150200.4.32.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm12-12.22.12-150200.4.32.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.s390x"
},
"product_reference": "npm12-12.22.12-150200.4.32.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm12-12.22.12-150200.4.32.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.x86_64"
},
"product_reference": "npm12-12.22.12-150200.4.32.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-12.22.12-150200.4.32.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.aarch64"
},
"product_reference": "nodejs12-12.22.12-150200.4.32.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-12.22.12-150200.4.32.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.ppc64le"
},
"product_reference": "nodejs12-12.22.12-150200.4.32.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-12.22.12-150200.4.32.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.s390x"
},
"product_reference": "nodejs12-12.22.12-150200.4.32.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-12.22.12-150200.4.32.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.x86_64"
},
"product_reference": "nodejs12-12.22.12-150200.4.32.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-devel-12.22.12-150200.4.32.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.aarch64"
},
"product_reference": "nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-devel-12.22.12-150200.4.32.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le"
},
"product_reference": "nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-devel-12.22.12-150200.4.32.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.s390x"
},
"product_reference": "nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-devel-12.22.12-150200.4.32.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.x86_64"
},
"product_reference": "nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-docs-12.22.12-150200.4.32.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:nodejs12-docs-12.22.12-150200.4.32.1.noarch"
},
"product_reference": "nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm12-12.22.12-150200.4.32.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.aarch64"
},
"product_reference": "npm12-12.22.12-150200.4.32.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm12-12.22.12-150200.4.32.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.ppc64le"
},
"product_reference": "npm12-12.22.12-150200.4.32.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm12-12.22.12-150200.4.32.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.s390x"
},
"product_reference": "npm12-12.22.12-150200.4.32.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm12-12.22.12-150200.4.32.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.x86_64"
},
"product_reference": "npm12-12.22.12-150200.4.32.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-44906",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-44906"
}
],
"notes": [
{
"category": "general",
"text": "Minimist \u003c=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7:nodejs12-12.22.12-150200.4.32.1.aarch64",
"SUSE Enterprise Storage 7:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Enterprise Storage 7:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"SUSE Enterprise Storage 7:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Enterprise Storage 7:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Enterprise Storage 7:npm12-12.22.12-150200.4.32.1.aarch64",
"SUSE Enterprise Storage 7:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Manager Proxy 4.1:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Manager Retail Branch Server 4.1:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Server 4.1:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Manager Server 4.1:nodejs12-12.22.12-150200.4.32.1.s390x",
"SUSE Manager Server 4.1:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"SUSE Manager Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"SUSE Manager Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Server 4.1:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Manager Server 4.1:npm12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Manager Server 4.1:npm12-12.22.12-150200.4.32.1.s390x",
"SUSE Manager Server 4.1:npm12-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.3:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.4:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-44906",
"url": "https://www.suse.com/security/cve/CVE-2021-44906"
},
{
"category": "external",
"summary": "SUSE Bug 1198247 for CVE-2021-44906",
"url": "https://bugzilla.suse.com/1198247"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7:nodejs12-12.22.12-150200.4.32.1.aarch64",
"SUSE Enterprise Storage 7:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Enterprise Storage 7:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"SUSE Enterprise Storage 7:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Enterprise Storage 7:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Enterprise Storage 7:npm12-12.22.12-150200.4.32.1.aarch64",
"SUSE Enterprise Storage 7:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Manager Proxy 4.1:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Manager Retail Branch Server 4.1:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Server 4.1:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Manager Server 4.1:nodejs12-12.22.12-150200.4.32.1.s390x",
"SUSE Manager Server 4.1:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"SUSE Manager Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"SUSE Manager Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Server 4.1:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Manager Server 4.1:npm12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Manager Server 4.1:npm12-12.22.12-150200.4.32.1.s390x",
"SUSE Manager Server 4.1:npm12-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.3:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.4:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7:nodejs12-12.22.12-150200.4.32.1.aarch64",
"SUSE Enterprise Storage 7:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Enterprise Storage 7:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"SUSE Enterprise Storage 7:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Enterprise Storage 7:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Enterprise Storage 7:npm12-12.22.12-150200.4.32.1.aarch64",
"SUSE Enterprise Storage 7:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Manager Proxy 4.1:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Manager Retail Branch Server 4.1:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Server 4.1:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Manager Server 4.1:nodejs12-12.22.12-150200.4.32.1.s390x",
"SUSE Manager Server 4.1:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"SUSE Manager Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"SUSE Manager Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Server 4.1:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Manager Server 4.1:npm12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Manager Server 4.1:npm12-12.22.12-150200.4.32.1.s390x",
"SUSE Manager Server 4.1:npm12-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.3:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.4:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-28T14:25:18Z",
"details": "moderate"
}
],
"title": "CVE-2021-44906"
},
{
"cve": "CVE-2021-44907",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-44907"
}
],
"notes": [
{
"category": "general",
"text": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7:nodejs12-12.22.12-150200.4.32.1.aarch64",
"SUSE Enterprise Storage 7:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Enterprise Storage 7:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"SUSE Enterprise Storage 7:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Enterprise Storage 7:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Enterprise Storage 7:npm12-12.22.12-150200.4.32.1.aarch64",
"SUSE Enterprise Storage 7:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Manager Proxy 4.1:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Manager Retail Branch Server 4.1:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Server 4.1:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Manager Server 4.1:nodejs12-12.22.12-150200.4.32.1.s390x",
"SUSE Manager Server 4.1:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"SUSE Manager Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"SUSE Manager Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Server 4.1:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Manager Server 4.1:npm12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Manager Server 4.1:npm12-12.22.12-150200.4.32.1.s390x",
"SUSE Manager Server 4.1:npm12-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.3:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.4:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-44907",
"url": "https://www.suse.com/security/cve/CVE-2021-44907"
},
{
"category": "external",
"summary": "SUSE Bug 1197283 for CVE-2021-44907",
"url": "https://bugzilla.suse.com/1197283"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7:nodejs12-12.22.12-150200.4.32.1.aarch64",
"SUSE Enterprise Storage 7:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Enterprise Storage 7:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"SUSE Enterprise Storage 7:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Enterprise Storage 7:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Enterprise Storage 7:npm12-12.22.12-150200.4.32.1.aarch64",
"SUSE Enterprise Storage 7:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Manager Proxy 4.1:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Manager Retail Branch Server 4.1:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Server 4.1:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Manager Server 4.1:nodejs12-12.22.12-150200.4.32.1.s390x",
"SUSE Manager Server 4.1:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"SUSE Manager Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"SUSE Manager Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Server 4.1:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Manager Server 4.1:npm12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Manager Server 4.1:npm12-12.22.12-150200.4.32.1.s390x",
"SUSE Manager Server 4.1:npm12-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.3:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.4:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7:nodejs12-12.22.12-150200.4.32.1.aarch64",
"SUSE Enterprise Storage 7:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Enterprise Storage 7:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"SUSE Enterprise Storage 7:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Enterprise Storage 7:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Enterprise Storage 7:npm12-12.22.12-150200.4.32.1.aarch64",
"SUSE Enterprise Storage 7:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Manager Proxy 4.1:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Manager Retail Branch Server 4.1:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Server 4.1:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Manager Server 4.1:nodejs12-12.22.12-150200.4.32.1.s390x",
"SUSE Manager Server 4.1:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"SUSE Manager Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"SUSE Manager Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Server 4.1:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Manager Server 4.1:npm12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Manager Server 4.1:npm12-12.22.12-150200.4.32.1.s390x",
"SUSE Manager Server 4.1:npm12-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.3:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.4:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-28T14:25:18Z",
"details": "low"
}
],
"title": "CVE-2021-44907"
},
{
"cve": "CVE-2022-0235",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0235"
}
],
"notes": [
{
"category": "general",
"text": "node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7:nodejs12-12.22.12-150200.4.32.1.aarch64",
"SUSE Enterprise Storage 7:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Enterprise Storage 7:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"SUSE Enterprise Storage 7:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Enterprise Storage 7:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Enterprise Storage 7:npm12-12.22.12-150200.4.32.1.aarch64",
"SUSE Enterprise Storage 7:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Manager Proxy 4.1:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Manager Retail Branch Server 4.1:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Server 4.1:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Manager Server 4.1:nodejs12-12.22.12-150200.4.32.1.s390x",
"SUSE Manager Server 4.1:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"SUSE Manager Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"SUSE Manager Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Server 4.1:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Manager Server 4.1:npm12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Manager Server 4.1:npm12-12.22.12-150200.4.32.1.s390x",
"SUSE Manager Server 4.1:npm12-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.3:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.4:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0235",
"url": "https://www.suse.com/security/cve/CVE-2022-0235"
},
{
"category": "external",
"summary": "SUSE Bug 1194819 for CVE-2022-0235",
"url": "https://bugzilla.suse.com/1194819"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7:nodejs12-12.22.12-150200.4.32.1.aarch64",
"SUSE Enterprise Storage 7:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Enterprise Storage 7:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"SUSE Enterprise Storage 7:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Enterprise Storage 7:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Enterprise Storage 7:npm12-12.22.12-150200.4.32.1.aarch64",
"SUSE Enterprise Storage 7:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Manager Proxy 4.1:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Manager Retail Branch Server 4.1:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Server 4.1:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Manager Server 4.1:nodejs12-12.22.12-150200.4.32.1.s390x",
"SUSE Manager Server 4.1:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"SUSE Manager Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"SUSE Manager Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Server 4.1:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Manager Server 4.1:npm12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Manager Server 4.1:npm12-12.22.12-150200.4.32.1.s390x",
"SUSE Manager Server 4.1:npm12-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.3:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.4:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7:nodejs12-12.22.12-150200.4.32.1.aarch64",
"SUSE Enterprise Storage 7:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Enterprise Storage 7:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"SUSE Enterprise Storage 7:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Enterprise Storage 7:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Enterprise Storage 7:npm12-12.22.12-150200.4.32.1.aarch64",
"SUSE Enterprise Storage 7:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Manager Proxy 4.1:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Manager Retail Branch Server 4.1:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Server 4.1:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Manager Server 4.1:nodejs12-12.22.12-150200.4.32.1.s390x",
"SUSE Manager Server 4.1:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"SUSE Manager Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"SUSE Manager Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Server 4.1:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Manager Server 4.1:npm12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Manager Server 4.1:npm12-12.22.12-150200.4.32.1.s390x",
"SUSE Manager Server 4.1:npm12-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.3:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.4:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-28T14:25:18Z",
"details": "moderate"
}
],
"title": "CVE-2022-0235"
},
{
"cve": "CVE-2022-0778",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0778"
}
],
"notes": [
{
"category": "general",
"text": "The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7:nodejs12-12.22.12-150200.4.32.1.aarch64",
"SUSE Enterprise Storage 7:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Enterprise Storage 7:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"SUSE Enterprise Storage 7:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Enterprise Storage 7:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Enterprise Storage 7:npm12-12.22.12-150200.4.32.1.aarch64",
"SUSE Enterprise Storage 7:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Manager Proxy 4.1:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Manager Retail Branch Server 4.1:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Server 4.1:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Manager Server 4.1:nodejs12-12.22.12-150200.4.32.1.s390x",
"SUSE Manager Server 4.1:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"SUSE Manager Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"SUSE Manager Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Server 4.1:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Manager Server 4.1:npm12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Manager Server 4.1:npm12-12.22.12-150200.4.32.1.s390x",
"SUSE Manager Server 4.1:npm12-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.3:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.4:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0778",
"url": "https://www.suse.com/security/cve/CVE-2022-0778"
},
{
"category": "external",
"summary": "SUSE Bug 1196877 for CVE-2022-0778",
"url": "https://bugzilla.suse.com/1196877"
},
{
"category": "external",
"summary": "SUSE Bug 1197328 for CVE-2022-0778",
"url": "https://bugzilla.suse.com/1197328"
},
{
"category": "external",
"summary": "SUSE Bug 1197340 for CVE-2022-0778",
"url": "https://bugzilla.suse.com/1197340"
},
{
"category": "external",
"summary": "SUSE Bug 1199100 for CVE-2022-0778",
"url": "https://bugzilla.suse.com/1199100"
},
{
"category": "external",
"summary": "SUSE Bug 1199254 for CVE-2022-0778",
"url": "https://bugzilla.suse.com/1199254"
},
{
"category": "external",
"summary": "SUSE Bug 1199303 for CVE-2022-0778",
"url": "https://bugzilla.suse.com/1199303"
},
{
"category": "external",
"summary": "SUSE Bug 1199339 for CVE-2022-0778",
"url": "https://bugzilla.suse.com/1199339"
},
{
"category": "external",
"summary": "SUSE Bug 1200090 for CVE-2022-0778",
"url": "https://bugzilla.suse.com/1200090"
},
{
"category": "external",
"summary": "SUSE Bug 1225670 for CVE-2022-0778",
"url": "https://bugzilla.suse.com/1225670"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7:nodejs12-12.22.12-150200.4.32.1.aarch64",
"SUSE Enterprise Storage 7:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Enterprise Storage 7:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"SUSE Enterprise Storage 7:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Enterprise Storage 7:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Enterprise Storage 7:npm12-12.22.12-150200.4.32.1.aarch64",
"SUSE Enterprise Storage 7:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Manager Proxy 4.1:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Manager Retail Branch Server 4.1:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Server 4.1:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Manager Server 4.1:nodejs12-12.22.12-150200.4.32.1.s390x",
"SUSE Manager Server 4.1:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"SUSE Manager Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"SUSE Manager Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Server 4.1:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Manager Server 4.1:npm12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Manager Server 4.1:npm12-12.22.12-150200.4.32.1.s390x",
"SUSE Manager Server 4.1:npm12-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.3:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.4:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7:nodejs12-12.22.12-150200.4.32.1.aarch64",
"SUSE Enterprise Storage 7:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Enterprise Storage 7:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"SUSE Enterprise Storage 7:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Enterprise Storage 7:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Enterprise Storage 7:npm12-12.22.12-150200.4.32.1.aarch64",
"SUSE Enterprise Storage 7:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Manager Proxy 4.1:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Manager Retail Branch Server 4.1:npm12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Server 4.1:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Manager Server 4.1:nodejs12-12.22.12-150200.4.32.1.s390x",
"SUSE Manager Server 4.1:nodejs12-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"SUSE Manager Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"SUSE Manager Server 4.1:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"SUSE Manager Server 4.1:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"SUSE Manager Server 4.1:npm12-12.22.12-150200.4.32.1.ppc64le",
"SUSE Manager Server 4.1:npm12-12.22.12-150200.4.32.1.s390x",
"SUSE Manager Server 4.1:npm12-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.3:nodejs12-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.3:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.3:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.3:npm12-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.4:nodejs12-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.4:nodejs12-devel-12.22.12-150200.4.32.1.x86_64",
"openSUSE Leap 15.4:nodejs12-docs-12.22.12-150200.4.32.1.noarch",
"openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.aarch64",
"openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.ppc64le",
"openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.s390x",
"openSUSE Leap 15.4:npm12-12.22.12-150200.4.32.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-28T14:25:18Z",
"details": "important"
}
],
"title": "CVE-2022-0778"
}
]
}
SUSE-SU-2022:1462-1
Vulnerability from csaf_suse - Published: 2022-04-28 14:46 - Updated: 2022-04-28 14:46Summary
Security update for nodejs14
Severity
Important
Notes
Title of the patch: Security update for nodejs14
Description of the patch: This update for nodejs14 fixes the following issues:
- CVE-2022-0778: Fixed a infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877).
- CVE-2021-44906: Fixed a prototype pollution in node-minimist (bsc#1198247).
- CVE-2021-44907: Fixed a potential Denial of Service vulnerability in node-qs (bsc#1197283).
- CVE-2022-0235: Fixed an exposure of sensitive information to an unauthorized actor in node-fetch (bsc#1194819).
Patchnames: SUSE-2022-1462,SUSE-SLE-Module-Web-Scripting-15-SP3-2022-1462,SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1462,SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1462,SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1462,SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1462,SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1462,SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1462,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1462,SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1462,SUSE-Storage-7-2022-1462,openSUSE-SLE-15.3-2022-1462,openSUSE-SLE-15.4-2022-1462
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.6 (Medium)
Affected products
Recommended
106 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7:nodejs14-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:nodejs14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:nodejs14-devel-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:nodejs14-devel-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:nodejs14-docs-14.19.1-150200.15.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:npm14-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:npm14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-devel-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-devel-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-docs-14.19.1-150200.15.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm14-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-docs-14.19.1-150200.15.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-docs-14.19.1-150200.15.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:nodejs14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:nodejs14-devel-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:nodejs14-docs-14.19.1-150200.15.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:npm14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-docs-14.19.1-150200.15.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-devel-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-docs-14.19.1-150200.15.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm14-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:nodejs14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:nodejs14-devel-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:nodejs14-docs-14.19.1-150200.15.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:npm14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:nodejs14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:nodejs14-docs-14.19.1-150200.15.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:npm14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:nodejs14-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:nodejs14-14.19.1-150200.15.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:nodejs14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:nodejs14-docs-14.19.1-150200.15.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:npm14-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:npm14-14.19.1-150200.15.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:npm14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs14-docs-14.19.1-150200.15.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs14-docs-14.19.1-150200.15.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
106 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7:nodejs14-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:nodejs14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:nodejs14-devel-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:nodejs14-devel-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:nodejs14-docs-14.19.1-150200.15.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:npm14-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:npm14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-devel-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-devel-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-docs-14.19.1-150200.15.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm14-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-docs-14.19.1-150200.15.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-docs-14.19.1-150200.15.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:nodejs14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:nodejs14-devel-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:nodejs14-docs-14.19.1-150200.15.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:npm14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-docs-14.19.1-150200.15.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-devel-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-docs-14.19.1-150200.15.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm14-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:nodejs14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:nodejs14-devel-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:nodejs14-docs-14.19.1-150200.15.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:npm14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:nodejs14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:nodejs14-docs-14.19.1-150200.15.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:npm14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:nodejs14-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:nodejs14-14.19.1-150200.15.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:nodejs14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:nodejs14-docs-14.19.1-150200.15.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:npm14-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:npm14-14.19.1-150200.15.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:npm14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs14-docs-14.19.1-150200.15.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs14-docs-14.19.1-150200.15.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
6.1 (Medium)
Affected products
Recommended
106 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7:nodejs14-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:nodejs14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:nodejs14-devel-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:nodejs14-devel-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:nodejs14-docs-14.19.1-150200.15.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:npm14-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:npm14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-devel-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-devel-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-docs-14.19.1-150200.15.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm14-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-docs-14.19.1-150200.15.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-docs-14.19.1-150200.15.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:nodejs14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:nodejs14-devel-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:nodejs14-docs-14.19.1-150200.15.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:npm14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-docs-14.19.1-150200.15.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-devel-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-docs-14.19.1-150200.15.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm14-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:nodejs14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:nodejs14-devel-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:nodejs14-docs-14.19.1-150200.15.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:npm14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:nodejs14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:nodejs14-docs-14.19.1-150200.15.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:npm14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:nodejs14-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:nodejs14-14.19.1-150200.15.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:nodejs14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:nodejs14-docs-14.19.1-150200.15.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:npm14-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:npm14-14.19.1-150200.15.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:npm14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs14-docs-14.19.1-150200.15.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs14-docs-14.19.1-150200.15.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
106 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7:nodejs14-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:nodejs14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:nodejs14-devel-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:nodejs14-devel-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:nodejs14-docs-14.19.1-150200.15.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:npm14-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:npm14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-devel-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-devel-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-docs-14.19.1-150200.15.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm14-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-docs-14.19.1-150200.15.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-docs-14.19.1-150200.15.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:nodejs14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:nodejs14-devel-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:nodejs14-docs-14.19.1-150200.15.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:npm14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-docs-14.19.1-150200.15.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-devel-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-docs-14.19.1-150200.15.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm14-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:nodejs14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:nodejs14-devel-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:nodejs14-docs-14.19.1-150200.15.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:npm14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:nodejs14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:nodejs14-docs-14.19.1-150200.15.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:npm14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:nodejs14-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:nodejs14-14.19.1-150200.15.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:nodejs14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:nodejs14-docs-14.19.1-150200.15.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:npm14-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:npm14-14.19.1-150200.15.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:npm14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs14-docs-14.19.1-150200.15.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:nodejs14-docs-14.19.1-150200.15.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
28 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for nodejs14",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for nodejs14 fixes the following issues:\n\n- CVE-2022-0778: Fixed a infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877).\n- CVE-2021-44906: Fixed a prototype pollution in node-minimist (bsc#1198247).\n- CVE-2021-44907: Fixed a potential Denial of Service vulnerability in node-qs (bsc#1197283).\n- CVE-2022-0235: Fixed an exposure of sensitive information to an unauthorized actor in node-fetch (bsc#1194819).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-1462,SUSE-SLE-Module-Web-Scripting-15-SP3-2022-1462,SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1462,SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1462,SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1462,SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1462,SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1462,SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1462,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1462,SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1462,SUSE-Storage-7-2022-1462,openSUSE-SLE-15.3-2022-1462,openSUSE-SLE-15.4-2022-1462",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_1462-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:1462-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20221462-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:1462-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-April/010864.html"
},
{
"category": "self",
"summary": "SUSE Bug 1194819",
"url": "https://bugzilla.suse.com/1194819"
},
{
"category": "self",
"summary": "SUSE Bug 1196877",
"url": "https://bugzilla.suse.com/1196877"
},
{
"category": "self",
"summary": "SUSE Bug 1197283",
"url": "https://bugzilla.suse.com/1197283"
},
{
"category": "self",
"summary": "SUSE Bug 1198247",
"url": "https://bugzilla.suse.com/1198247"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-44906 page",
"url": "https://www.suse.com/security/cve/CVE-2021-44906/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-44907 page",
"url": "https://www.suse.com/security/cve/CVE-2021-44907/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0235 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0235/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0778 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0778/"
}
],
"title": "Security update for nodejs14",
"tracking": {
"current_release_date": "2022-04-28T14:46:29Z",
"generator": {
"date": "2022-04-28T14:46:29Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:1462-1",
"initial_release_date": "2022-04-28T14:46:29Z",
"revision_history": [
{
"date": "2022-04-28T14:46:29Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "corepack14-14.19.1-150200.15.31.1.aarch64",
"product": {
"name": "corepack14-14.19.1-150200.15.31.1.aarch64",
"product_id": "corepack14-14.19.1-150200.15.31.1.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs14-14.19.1-150200.15.31.1.aarch64",
"product": {
"name": "nodejs14-14.19.1-150200.15.31.1.aarch64",
"product_id": "nodejs14-14.19.1-150200.15.31.1.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"product": {
"name": "nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"product_id": "nodejs14-devel-14.19.1-150200.15.31.1.aarch64"
}
},
{
"category": "product_version",
"name": "npm14-14.19.1-150200.15.31.1.aarch64",
"product": {
"name": "npm14-14.19.1-150200.15.31.1.aarch64",
"product_id": "npm14-14.19.1-150200.15.31.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack14-14.19.1-150200.15.31.1.i586",
"product": {
"name": "corepack14-14.19.1-150200.15.31.1.i586",
"product_id": "corepack14-14.19.1-150200.15.31.1.i586"
}
},
{
"category": "product_version",
"name": "nodejs14-14.19.1-150200.15.31.1.i586",
"product": {
"name": "nodejs14-14.19.1-150200.15.31.1.i586",
"product_id": "nodejs14-14.19.1-150200.15.31.1.i586"
}
},
{
"category": "product_version",
"name": "nodejs14-devel-14.19.1-150200.15.31.1.i586",
"product": {
"name": "nodejs14-devel-14.19.1-150200.15.31.1.i586",
"product_id": "nodejs14-devel-14.19.1-150200.15.31.1.i586"
}
},
{
"category": "product_version",
"name": "npm14-14.19.1-150200.15.31.1.i586",
"product": {
"name": "npm14-14.19.1-150200.15.31.1.i586",
"product_id": "npm14-14.19.1-150200.15.31.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"product": {
"name": "nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"product_id": "nodejs14-docs-14.19.1-150200.15.31.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack14-14.19.1-150200.15.31.1.ppc64le",
"product": {
"name": "corepack14-14.19.1-150200.15.31.1.ppc64le",
"product_id": "corepack14-14.19.1-150200.15.31.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs14-14.19.1-150200.15.31.1.ppc64le",
"product": {
"name": "nodejs14-14.19.1-150200.15.31.1.ppc64le",
"product_id": "nodejs14-14.19.1-150200.15.31.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"product": {
"name": "nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"product_id": "nodejs14-devel-14.19.1-150200.15.31.1.ppc64le"
}
},
{
"category": "product_version",
"name": "npm14-14.19.1-150200.15.31.1.ppc64le",
"product": {
"name": "npm14-14.19.1-150200.15.31.1.ppc64le",
"product_id": "npm14-14.19.1-150200.15.31.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack14-14.19.1-150200.15.31.1.s390x",
"product": {
"name": "corepack14-14.19.1-150200.15.31.1.s390x",
"product_id": "corepack14-14.19.1-150200.15.31.1.s390x"
}
},
{
"category": "product_version",
"name": "nodejs14-14.19.1-150200.15.31.1.s390x",
"product": {
"name": "nodejs14-14.19.1-150200.15.31.1.s390x",
"product_id": "nodejs14-14.19.1-150200.15.31.1.s390x"
}
},
{
"category": "product_version",
"name": "nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"product": {
"name": "nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"product_id": "nodejs14-devel-14.19.1-150200.15.31.1.s390x"
}
},
{
"category": "product_version",
"name": "npm14-14.19.1-150200.15.31.1.s390x",
"product": {
"name": "npm14-14.19.1-150200.15.31.1.s390x",
"product_id": "npm14-14.19.1-150200.15.31.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack14-14.19.1-150200.15.31.1.x86_64",
"product": {
"name": "corepack14-14.19.1-150200.15.31.1.x86_64",
"product_id": "corepack14-14.19.1-150200.15.31.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs14-14.19.1-150200.15.31.1.x86_64",
"product": {
"name": "nodejs14-14.19.1-150200.15.31.1.x86_64",
"product_id": "nodejs14-14.19.1-150200.15.31.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"product": {
"name": "nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"product_id": "nodejs14-devel-14.19.1-150200.15.31.1.x86_64"
}
},
{
"category": "product_version",
"name": "npm14-14.19.1-150200.15.31.1.x86_64",
"product": {
"name": "npm14-14.19.1-150200.15.31.1.x86_64",
"product_id": "npm14-14.19.1-150200.15.31.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-web-scripting:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP2-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP2-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_bcl:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Proxy 4.1",
"product": {
"name": "SUSE Manager Proxy 4.1",
"product_id": "SUSE Manager Proxy 4.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-proxy:4.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Retail Branch Server 4.1",
"product": {
"name": "SUSE Manager Retail Branch Server 4.1",
"product_id": "SUSE Manager Retail Branch Server 4.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-retail-branch-server:4.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server 4.1",
"product": {
"name": "SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:4.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7",
"product": {
"name": "SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-14.19.1-150200.15.31.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.aarch64"
},
"product_reference": "nodejs14-14.19.1-150200.15.31.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-14.19.1-150200.15.31.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.ppc64le"
},
"product_reference": "nodejs14-14.19.1-150200.15.31.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-14.19.1-150200.15.31.1.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.s390x"
},
"product_reference": "nodejs14-14.19.1-150200.15.31.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-14.19.1-150200.15.31.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.x86_64"
},
"product_reference": "nodejs14-14.19.1-150200.15.31.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-devel-14.19.1-150200.15.31.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.aarch64"
},
"product_reference": "nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-devel-14.19.1-150200.15.31.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le"
},
"product_reference": "nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-devel-14.19.1-150200.15.31.1.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.s390x"
},
"product_reference": "nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-devel-14.19.1-150200.15.31.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.x86_64"
},
"product_reference": "nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-docs-14.19.1-150200.15.31.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-docs-14.19.1-150200.15.31.1.noarch"
},
"product_reference": "nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm14-14.19.1-150200.15.31.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.aarch64"
},
"product_reference": "npm14-14.19.1-150200.15.31.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm14-14.19.1-150200.15.31.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.ppc64le"
},
"product_reference": "npm14-14.19.1-150200.15.31.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm14-14.19.1-150200.15.31.1.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.s390x"
},
"product_reference": "npm14-14.19.1-150200.15.31.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm14-14.19.1-150200.15.31.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.x86_64"
},
"product_reference": "npm14-14.19.1-150200.15.31.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-14.19.1-150200.15.31.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-14.19.1-150200.15.31.1.aarch64"
},
"product_reference": "nodejs14-14.19.1-150200.15.31.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-14.19.1-150200.15.31.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-14.19.1-150200.15.31.1.x86_64"
},
"product_reference": "nodejs14-14.19.1-150200.15.31.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-devel-14.19.1-150200.15.31.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-devel-14.19.1-150200.15.31.1.aarch64"
},
"product_reference": "nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-devel-14.19.1-150200.15.31.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-devel-14.19.1-150200.15.31.1.x86_64"
},
"product_reference": "nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-docs-14.19.1-150200.15.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-docs-14.19.1-150200.15.31.1.noarch"
},
"product_reference": "nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm14-14.19.1-150200.15.31.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm14-14.19.1-150200.15.31.1.aarch64"
},
"product_reference": "npm14-14.19.1-150200.15.31.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm14-14.19.1-150200.15.31.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm14-14.19.1-150200.15.31.1.x86_64"
},
"product_reference": "npm14-14.19.1-150200.15.31.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-14.19.1-150200.15.31.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.aarch64"
},
"product_reference": "nodejs14-14.19.1-150200.15.31.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-14.19.1-150200.15.31.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.x86_64"
},
"product_reference": "nodejs14-14.19.1-150200.15.31.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-devel-14.19.1-150200.15.31.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.aarch64"
},
"product_reference": "nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-devel-14.19.1-150200.15.31.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.x86_64"
},
"product_reference": "nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-docs-14.19.1-150200.15.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-docs-14.19.1-150200.15.31.1.noarch"
},
"product_reference": "nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm14-14.19.1-150200.15.31.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.aarch64"
},
"product_reference": "npm14-14.19.1-150200.15.31.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm14-14.19.1-150200.15.31.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.x86_64"
},
"product_reference": "npm14-14.19.1-150200.15.31.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-14.19.1-150200.15.31.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP2-BCL:nodejs14-14.19.1-150200.15.31.1.x86_64"
},
"product_reference": "nodejs14-14.19.1-150200.15.31.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-devel-14.19.1-150200.15.31.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP2-BCL:nodejs14-devel-14.19.1-150200.15.31.1.x86_64"
},
"product_reference": "nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-docs-14.19.1-150200.15.31.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP2-BCL:nodejs14-docs-14.19.1-150200.15.31.1.noarch"
},
"product_reference": "nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm14-14.19.1-150200.15.31.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP2-BCL:npm14-14.19.1-150200.15.31.1.x86_64"
},
"product_reference": "npm14-14.19.1-150200.15.31.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-14.19.1-150200.15.31.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.aarch64"
},
"product_reference": "nodejs14-14.19.1-150200.15.31.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-14.19.1-150200.15.31.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.ppc64le"
},
"product_reference": "nodejs14-14.19.1-150200.15.31.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-14.19.1-150200.15.31.1.s390x as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.s390x"
},
"product_reference": "nodejs14-14.19.1-150200.15.31.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-14.19.1-150200.15.31.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.x86_64"
},
"product_reference": "nodejs14-14.19.1-150200.15.31.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-devel-14.19.1-150200.15.31.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.aarch64"
},
"product_reference": "nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-devel-14.19.1-150200.15.31.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le"
},
"product_reference": "nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-devel-14.19.1-150200.15.31.1.s390x as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.s390x"
},
"product_reference": "nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-devel-14.19.1-150200.15.31.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.x86_64"
},
"product_reference": "nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-docs-14.19.1-150200.15.31.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-docs-14.19.1-150200.15.31.1.noarch"
},
"product_reference": "nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm14-14.19.1-150200.15.31.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.aarch64"
},
"product_reference": "npm14-14.19.1-150200.15.31.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm14-14.19.1-150200.15.31.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.ppc64le"
},
"product_reference": "npm14-14.19.1-150200.15.31.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm14-14.19.1-150200.15.31.1.s390x as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.s390x"
},
"product_reference": "npm14-14.19.1-150200.15.31.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm14-14.19.1-150200.15.31.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.x86_64"
},
"product_reference": "npm14-14.19.1-150200.15.31.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-14.19.1-150200.15.31.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-14.19.1-150200.15.31.1.ppc64le"
},
"product_reference": "nodejs14-14.19.1-150200.15.31.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-14.19.1-150200.15.31.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-14.19.1-150200.15.31.1.x86_64"
},
"product_reference": "nodejs14-14.19.1-150200.15.31.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-devel-14.19.1-150200.15.31.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le"
},
"product_reference": "nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-devel-14.19.1-150200.15.31.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-devel-14.19.1-150200.15.31.1.x86_64"
},
"product_reference": "nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-docs-14.19.1-150200.15.31.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-docs-14.19.1-150200.15.31.1.noarch"
},
"product_reference": "nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm14-14.19.1-150200.15.31.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm14-14.19.1-150200.15.31.1.ppc64le"
},
"product_reference": "npm14-14.19.1-150200.15.31.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm14-14.19.1-150200.15.31.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm14-14.19.1-150200.15.31.1.x86_64"
},
"product_reference": "npm14-14.19.1-150200.15.31.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-14.19.1-150200.15.31.1.x86_64 as component of SUSE Manager Proxy 4.1",
"product_id": "SUSE Manager Proxy 4.1:nodejs14-14.19.1-150200.15.31.1.x86_64"
},
"product_reference": "nodejs14-14.19.1-150200.15.31.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-devel-14.19.1-150200.15.31.1.x86_64 as component of SUSE Manager Proxy 4.1",
"product_id": "SUSE Manager Proxy 4.1:nodejs14-devel-14.19.1-150200.15.31.1.x86_64"
},
"product_reference": "nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-docs-14.19.1-150200.15.31.1.noarch as component of SUSE Manager Proxy 4.1",
"product_id": "SUSE Manager Proxy 4.1:nodejs14-docs-14.19.1-150200.15.31.1.noarch"
},
"product_reference": "nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"relates_to_product_reference": "SUSE Manager Proxy 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm14-14.19.1-150200.15.31.1.x86_64 as component of SUSE Manager Proxy 4.1",
"product_id": "SUSE Manager Proxy 4.1:npm14-14.19.1-150200.15.31.1.x86_64"
},
"product_reference": "npm14-14.19.1-150200.15.31.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-14.19.1-150200.15.31.1.x86_64 as component of SUSE Manager Retail Branch Server 4.1",
"product_id": "SUSE Manager Retail Branch Server 4.1:nodejs14-14.19.1-150200.15.31.1.x86_64"
},
"product_reference": "nodejs14-14.19.1-150200.15.31.1.x86_64",
"relates_to_product_reference": "SUSE Manager Retail Branch Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-devel-14.19.1-150200.15.31.1.x86_64 as component of SUSE Manager Retail Branch Server 4.1",
"product_id": "SUSE Manager Retail Branch Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.x86_64"
},
"product_reference": "nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"relates_to_product_reference": "SUSE Manager Retail Branch Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-docs-14.19.1-150200.15.31.1.noarch as component of SUSE Manager Retail Branch Server 4.1",
"product_id": "SUSE Manager Retail Branch Server 4.1:nodejs14-docs-14.19.1-150200.15.31.1.noarch"
},
"product_reference": "nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"relates_to_product_reference": "SUSE Manager Retail Branch Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm14-14.19.1-150200.15.31.1.x86_64 as component of SUSE Manager Retail Branch Server 4.1",
"product_id": "SUSE Manager Retail Branch Server 4.1:npm14-14.19.1-150200.15.31.1.x86_64"
},
"product_reference": "npm14-14.19.1-150200.15.31.1.x86_64",
"relates_to_product_reference": "SUSE Manager Retail Branch Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-14.19.1-150200.15.31.1.ppc64le as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:nodejs14-14.19.1-150200.15.31.1.ppc64le"
},
"product_reference": "nodejs14-14.19.1-150200.15.31.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-14.19.1-150200.15.31.1.s390x as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:nodejs14-14.19.1-150200.15.31.1.s390x"
},
"product_reference": "nodejs14-14.19.1-150200.15.31.1.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-14.19.1-150200.15.31.1.x86_64 as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:nodejs14-14.19.1-150200.15.31.1.x86_64"
},
"product_reference": "nodejs14-14.19.1-150200.15.31.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-devel-14.19.1-150200.15.31.1.ppc64le as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le"
},
"product_reference": "nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-devel-14.19.1-150200.15.31.1.s390x as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.s390x"
},
"product_reference": "nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-devel-14.19.1-150200.15.31.1.x86_64 as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.x86_64"
},
"product_reference": "nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-docs-14.19.1-150200.15.31.1.noarch as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:nodejs14-docs-14.19.1-150200.15.31.1.noarch"
},
"product_reference": "nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm14-14.19.1-150200.15.31.1.ppc64le as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:npm14-14.19.1-150200.15.31.1.ppc64le"
},
"product_reference": "npm14-14.19.1-150200.15.31.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm14-14.19.1-150200.15.31.1.s390x as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:npm14-14.19.1-150200.15.31.1.s390x"
},
"product_reference": "npm14-14.19.1-150200.15.31.1.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm14-14.19.1-150200.15.31.1.x86_64 as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:npm14-14.19.1-150200.15.31.1.x86_64"
},
"product_reference": "npm14-14.19.1-150200.15.31.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-14.19.1-150200.15.31.1.aarch64 as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:nodejs14-14.19.1-150200.15.31.1.aarch64"
},
"product_reference": "nodejs14-14.19.1-150200.15.31.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-14.19.1-150200.15.31.1.x86_64 as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:nodejs14-14.19.1-150200.15.31.1.x86_64"
},
"product_reference": "nodejs14-14.19.1-150200.15.31.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-devel-14.19.1-150200.15.31.1.aarch64 as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:nodejs14-devel-14.19.1-150200.15.31.1.aarch64"
},
"product_reference": "nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-devel-14.19.1-150200.15.31.1.x86_64 as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:nodejs14-devel-14.19.1-150200.15.31.1.x86_64"
},
"product_reference": "nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-docs-14.19.1-150200.15.31.1.noarch as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:nodejs14-docs-14.19.1-150200.15.31.1.noarch"
},
"product_reference": "nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm14-14.19.1-150200.15.31.1.aarch64 as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:npm14-14.19.1-150200.15.31.1.aarch64"
},
"product_reference": "npm14-14.19.1-150200.15.31.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm14-14.19.1-150200.15.31.1.x86_64 as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:npm14-14.19.1-150200.15.31.1.x86_64"
},
"product_reference": "npm14-14.19.1-150200.15.31.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-14.19.1-150200.15.31.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.aarch64"
},
"product_reference": "nodejs14-14.19.1-150200.15.31.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-14.19.1-150200.15.31.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.ppc64le"
},
"product_reference": "nodejs14-14.19.1-150200.15.31.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-14.19.1-150200.15.31.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.s390x"
},
"product_reference": "nodejs14-14.19.1-150200.15.31.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-14.19.1-150200.15.31.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.x86_64"
},
"product_reference": "nodejs14-14.19.1-150200.15.31.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-devel-14.19.1-150200.15.31.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.aarch64"
},
"product_reference": "nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-devel-14.19.1-150200.15.31.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le"
},
"product_reference": "nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-devel-14.19.1-150200.15.31.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.s390x"
},
"product_reference": "nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-devel-14.19.1-150200.15.31.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.x86_64"
},
"product_reference": "nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-docs-14.19.1-150200.15.31.1.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:nodejs14-docs-14.19.1-150200.15.31.1.noarch"
},
"product_reference": "nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm14-14.19.1-150200.15.31.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.aarch64"
},
"product_reference": "npm14-14.19.1-150200.15.31.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm14-14.19.1-150200.15.31.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.ppc64le"
},
"product_reference": "npm14-14.19.1-150200.15.31.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm14-14.19.1-150200.15.31.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.s390x"
},
"product_reference": "npm14-14.19.1-150200.15.31.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm14-14.19.1-150200.15.31.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.x86_64"
},
"product_reference": "npm14-14.19.1-150200.15.31.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack14-14.19.1-150200.15.31.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.aarch64"
},
"product_reference": "corepack14-14.19.1-150200.15.31.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack14-14.19.1-150200.15.31.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.ppc64le"
},
"product_reference": "corepack14-14.19.1-150200.15.31.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack14-14.19.1-150200.15.31.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.s390x"
},
"product_reference": "corepack14-14.19.1-150200.15.31.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack14-14.19.1-150200.15.31.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.x86_64"
},
"product_reference": "corepack14-14.19.1-150200.15.31.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-14.19.1-150200.15.31.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.aarch64"
},
"product_reference": "nodejs14-14.19.1-150200.15.31.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-14.19.1-150200.15.31.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.ppc64le"
},
"product_reference": "nodejs14-14.19.1-150200.15.31.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-14.19.1-150200.15.31.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.s390x"
},
"product_reference": "nodejs14-14.19.1-150200.15.31.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-14.19.1-150200.15.31.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.x86_64"
},
"product_reference": "nodejs14-14.19.1-150200.15.31.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-devel-14.19.1-150200.15.31.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.aarch64"
},
"product_reference": "nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-devel-14.19.1-150200.15.31.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le"
},
"product_reference": "nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-devel-14.19.1-150200.15.31.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.s390x"
},
"product_reference": "nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-devel-14.19.1-150200.15.31.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.x86_64"
},
"product_reference": "nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs14-docs-14.19.1-150200.15.31.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:nodejs14-docs-14.19.1-150200.15.31.1.noarch"
},
"product_reference": "nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm14-14.19.1-150200.15.31.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.aarch64"
},
"product_reference": "npm14-14.19.1-150200.15.31.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm14-14.19.1-150200.15.31.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.ppc64le"
},
"product_reference": "npm14-14.19.1-150200.15.31.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm14-14.19.1-150200.15.31.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.s390x"
},
"product_reference": "npm14-14.19.1-150200.15.31.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm14-14.19.1-150200.15.31.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.x86_64"
},
"product_reference": "npm14-14.19.1-150200.15.31.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-44906",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-44906"
}
],
"notes": [
{
"category": "general",
"text": "Minimist \u003c=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7:nodejs14-14.19.1-150200.15.31.1.aarch64",
"SUSE Enterprise Storage 7:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Enterprise Storage 7:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"SUSE Enterprise Storage 7:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Enterprise Storage 7:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Enterprise Storage 7:npm14-14.19.1-150200.15.31.1.aarch64",
"SUSE Enterprise Storage 7:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Manager Proxy 4.1:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Manager Retail Branch Server 4.1:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Server 4.1:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Manager Server 4.1:nodejs14-14.19.1-150200.15.31.1.s390x",
"SUSE Manager Server 4.1:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"SUSE Manager Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"SUSE Manager Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Server 4.1:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Manager Server 4.1:npm14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Manager Server 4.1:npm14-14.19.1-150200.15.31.1.s390x",
"SUSE Manager Server 4.1:npm14-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.3:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.4:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-44906",
"url": "https://www.suse.com/security/cve/CVE-2021-44906"
},
{
"category": "external",
"summary": "SUSE Bug 1198247 for CVE-2021-44906",
"url": "https://bugzilla.suse.com/1198247"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7:nodejs14-14.19.1-150200.15.31.1.aarch64",
"SUSE Enterprise Storage 7:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Enterprise Storage 7:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"SUSE Enterprise Storage 7:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Enterprise Storage 7:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Enterprise Storage 7:npm14-14.19.1-150200.15.31.1.aarch64",
"SUSE Enterprise Storage 7:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Manager Proxy 4.1:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Manager Retail Branch Server 4.1:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Server 4.1:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Manager Server 4.1:nodejs14-14.19.1-150200.15.31.1.s390x",
"SUSE Manager Server 4.1:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"SUSE Manager Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"SUSE Manager Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Server 4.1:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Manager Server 4.1:npm14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Manager Server 4.1:npm14-14.19.1-150200.15.31.1.s390x",
"SUSE Manager Server 4.1:npm14-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.3:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.4:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7:nodejs14-14.19.1-150200.15.31.1.aarch64",
"SUSE Enterprise Storage 7:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Enterprise Storage 7:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"SUSE Enterprise Storage 7:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Enterprise Storage 7:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Enterprise Storage 7:npm14-14.19.1-150200.15.31.1.aarch64",
"SUSE Enterprise Storage 7:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Manager Proxy 4.1:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Manager Retail Branch Server 4.1:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Server 4.1:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Manager Server 4.1:nodejs14-14.19.1-150200.15.31.1.s390x",
"SUSE Manager Server 4.1:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"SUSE Manager Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"SUSE Manager Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Server 4.1:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Manager Server 4.1:npm14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Manager Server 4.1:npm14-14.19.1-150200.15.31.1.s390x",
"SUSE Manager Server 4.1:npm14-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.3:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.4:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-28T14:46:29Z",
"details": "moderate"
}
],
"title": "CVE-2021-44906"
},
{
"cve": "CVE-2021-44907",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-44907"
}
],
"notes": [
{
"category": "general",
"text": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7:nodejs14-14.19.1-150200.15.31.1.aarch64",
"SUSE Enterprise Storage 7:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Enterprise Storage 7:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"SUSE Enterprise Storage 7:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Enterprise Storage 7:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Enterprise Storage 7:npm14-14.19.1-150200.15.31.1.aarch64",
"SUSE Enterprise Storage 7:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Manager Proxy 4.1:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Manager Retail Branch Server 4.1:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Server 4.1:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Manager Server 4.1:nodejs14-14.19.1-150200.15.31.1.s390x",
"SUSE Manager Server 4.1:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"SUSE Manager Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"SUSE Manager Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Server 4.1:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Manager Server 4.1:npm14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Manager Server 4.1:npm14-14.19.1-150200.15.31.1.s390x",
"SUSE Manager Server 4.1:npm14-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.3:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.4:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-44907",
"url": "https://www.suse.com/security/cve/CVE-2021-44907"
},
{
"category": "external",
"summary": "SUSE Bug 1197283 for CVE-2021-44907",
"url": "https://bugzilla.suse.com/1197283"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7:nodejs14-14.19.1-150200.15.31.1.aarch64",
"SUSE Enterprise Storage 7:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Enterprise Storage 7:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"SUSE Enterprise Storage 7:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Enterprise Storage 7:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Enterprise Storage 7:npm14-14.19.1-150200.15.31.1.aarch64",
"SUSE Enterprise Storage 7:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Manager Proxy 4.1:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Manager Retail Branch Server 4.1:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Server 4.1:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Manager Server 4.1:nodejs14-14.19.1-150200.15.31.1.s390x",
"SUSE Manager Server 4.1:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"SUSE Manager Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"SUSE Manager Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Server 4.1:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Manager Server 4.1:npm14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Manager Server 4.1:npm14-14.19.1-150200.15.31.1.s390x",
"SUSE Manager Server 4.1:npm14-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.3:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.4:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7:nodejs14-14.19.1-150200.15.31.1.aarch64",
"SUSE Enterprise Storage 7:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Enterprise Storage 7:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"SUSE Enterprise Storage 7:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Enterprise Storage 7:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Enterprise Storage 7:npm14-14.19.1-150200.15.31.1.aarch64",
"SUSE Enterprise Storage 7:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Manager Proxy 4.1:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Manager Retail Branch Server 4.1:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Server 4.1:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Manager Server 4.1:nodejs14-14.19.1-150200.15.31.1.s390x",
"SUSE Manager Server 4.1:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"SUSE Manager Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"SUSE Manager Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Server 4.1:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Manager Server 4.1:npm14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Manager Server 4.1:npm14-14.19.1-150200.15.31.1.s390x",
"SUSE Manager Server 4.1:npm14-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.3:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.4:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-28T14:46:29Z",
"details": "low"
}
],
"title": "CVE-2021-44907"
},
{
"cve": "CVE-2022-0235",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0235"
}
],
"notes": [
{
"category": "general",
"text": "node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7:nodejs14-14.19.1-150200.15.31.1.aarch64",
"SUSE Enterprise Storage 7:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Enterprise Storage 7:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"SUSE Enterprise Storage 7:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Enterprise Storage 7:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Enterprise Storage 7:npm14-14.19.1-150200.15.31.1.aarch64",
"SUSE Enterprise Storage 7:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Manager Proxy 4.1:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Manager Retail Branch Server 4.1:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Server 4.1:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Manager Server 4.1:nodejs14-14.19.1-150200.15.31.1.s390x",
"SUSE Manager Server 4.1:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"SUSE Manager Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"SUSE Manager Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Server 4.1:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Manager Server 4.1:npm14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Manager Server 4.1:npm14-14.19.1-150200.15.31.1.s390x",
"SUSE Manager Server 4.1:npm14-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.3:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.4:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0235",
"url": "https://www.suse.com/security/cve/CVE-2022-0235"
},
{
"category": "external",
"summary": "SUSE Bug 1194819 for CVE-2022-0235",
"url": "https://bugzilla.suse.com/1194819"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7:nodejs14-14.19.1-150200.15.31.1.aarch64",
"SUSE Enterprise Storage 7:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Enterprise Storage 7:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"SUSE Enterprise Storage 7:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Enterprise Storage 7:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Enterprise Storage 7:npm14-14.19.1-150200.15.31.1.aarch64",
"SUSE Enterprise Storage 7:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Manager Proxy 4.1:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Manager Retail Branch Server 4.1:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Server 4.1:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Manager Server 4.1:nodejs14-14.19.1-150200.15.31.1.s390x",
"SUSE Manager Server 4.1:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"SUSE Manager Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"SUSE Manager Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Server 4.1:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Manager Server 4.1:npm14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Manager Server 4.1:npm14-14.19.1-150200.15.31.1.s390x",
"SUSE Manager Server 4.1:npm14-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.3:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.4:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7:nodejs14-14.19.1-150200.15.31.1.aarch64",
"SUSE Enterprise Storage 7:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Enterprise Storage 7:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"SUSE Enterprise Storage 7:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Enterprise Storage 7:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Enterprise Storage 7:npm14-14.19.1-150200.15.31.1.aarch64",
"SUSE Enterprise Storage 7:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Manager Proxy 4.1:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Manager Retail Branch Server 4.1:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Server 4.1:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Manager Server 4.1:nodejs14-14.19.1-150200.15.31.1.s390x",
"SUSE Manager Server 4.1:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"SUSE Manager Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"SUSE Manager Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Server 4.1:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Manager Server 4.1:npm14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Manager Server 4.1:npm14-14.19.1-150200.15.31.1.s390x",
"SUSE Manager Server 4.1:npm14-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.3:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.4:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-28T14:46:29Z",
"details": "moderate"
}
],
"title": "CVE-2022-0235"
},
{
"cve": "CVE-2022-0778",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0778"
}
],
"notes": [
{
"category": "general",
"text": "The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7:nodejs14-14.19.1-150200.15.31.1.aarch64",
"SUSE Enterprise Storage 7:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Enterprise Storage 7:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"SUSE Enterprise Storage 7:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Enterprise Storage 7:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Enterprise Storage 7:npm14-14.19.1-150200.15.31.1.aarch64",
"SUSE Enterprise Storage 7:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Manager Proxy 4.1:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Manager Retail Branch Server 4.1:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Server 4.1:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Manager Server 4.1:nodejs14-14.19.1-150200.15.31.1.s390x",
"SUSE Manager Server 4.1:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"SUSE Manager Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"SUSE Manager Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Server 4.1:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Manager Server 4.1:npm14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Manager Server 4.1:npm14-14.19.1-150200.15.31.1.s390x",
"SUSE Manager Server 4.1:npm14-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.3:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.4:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0778",
"url": "https://www.suse.com/security/cve/CVE-2022-0778"
},
{
"category": "external",
"summary": "SUSE Bug 1196877 for CVE-2022-0778",
"url": "https://bugzilla.suse.com/1196877"
},
{
"category": "external",
"summary": "SUSE Bug 1197328 for CVE-2022-0778",
"url": "https://bugzilla.suse.com/1197328"
},
{
"category": "external",
"summary": "SUSE Bug 1197340 for CVE-2022-0778",
"url": "https://bugzilla.suse.com/1197340"
},
{
"category": "external",
"summary": "SUSE Bug 1199100 for CVE-2022-0778",
"url": "https://bugzilla.suse.com/1199100"
},
{
"category": "external",
"summary": "SUSE Bug 1199254 for CVE-2022-0778",
"url": "https://bugzilla.suse.com/1199254"
},
{
"category": "external",
"summary": "SUSE Bug 1199303 for CVE-2022-0778",
"url": "https://bugzilla.suse.com/1199303"
},
{
"category": "external",
"summary": "SUSE Bug 1199339 for CVE-2022-0778",
"url": "https://bugzilla.suse.com/1199339"
},
{
"category": "external",
"summary": "SUSE Bug 1200090 for CVE-2022-0778",
"url": "https://bugzilla.suse.com/1200090"
},
{
"category": "external",
"summary": "SUSE Bug 1225670 for CVE-2022-0778",
"url": "https://bugzilla.suse.com/1225670"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7:nodejs14-14.19.1-150200.15.31.1.aarch64",
"SUSE Enterprise Storage 7:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Enterprise Storage 7:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"SUSE Enterprise Storage 7:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Enterprise Storage 7:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Enterprise Storage 7:npm14-14.19.1-150200.15.31.1.aarch64",
"SUSE Enterprise Storage 7:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Manager Proxy 4.1:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Manager Retail Branch Server 4.1:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Server 4.1:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Manager Server 4.1:nodejs14-14.19.1-150200.15.31.1.s390x",
"SUSE Manager Server 4.1:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"SUSE Manager Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"SUSE Manager Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Server 4.1:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Manager Server 4.1:npm14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Manager Server 4.1:npm14-14.19.1-150200.15.31.1.s390x",
"SUSE Manager Server 4.1:npm14-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.3:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.4:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7:nodejs14-14.19.1-150200.15.31.1.aarch64",
"SUSE Enterprise Storage 7:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Enterprise Storage 7:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"SUSE Enterprise Storage 7:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Enterprise Storage 7:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Enterprise Storage 7:npm14-14.19.1-150200.15.31.1.aarch64",
"SUSE Enterprise Storage 7:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Proxy 4.1:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Manager Proxy 4.1:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Manager Retail Branch Server 4.1:npm14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Server 4.1:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Manager Server 4.1:nodejs14-14.19.1-150200.15.31.1.s390x",
"SUSE Manager Server 4.1:nodejs14-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"SUSE Manager Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"SUSE Manager Server 4.1:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"SUSE Manager Server 4.1:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"SUSE Manager Server 4.1:npm14-14.19.1-150200.15.31.1.ppc64le",
"SUSE Manager Server 4.1:npm14-14.19.1-150200.15.31.1.s390x",
"SUSE Manager Server 4.1:npm14-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.3:nodejs14-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.3:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.3:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.3:npm14-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.4:corepack14-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.4:nodejs14-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.4:nodejs14-devel-14.19.1-150200.15.31.1.x86_64",
"openSUSE Leap 15.4:nodejs14-docs-14.19.1-150200.15.31.1.noarch",
"openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.aarch64",
"openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.ppc64le",
"openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.s390x",
"openSUSE Leap 15.4:npm14-14.19.1-150200.15.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-28T14:46:29Z",
"details": "important"
}
],
"title": "CVE-2022-0778"
}
]
}
SUSE-SU-2022:14915-1
Vulnerability from csaf_suse - Published: 2022-03-15 18:29 - Updated: 2022-03-15 18:29Summary
Security update for openssl
Severity
Important
Notes
Title of the patch: Security update for openssl
Description of the patch: This update for openssl fixes the following issues:
- CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877).
Patchnames: sleposp3-openssl-14915,slessp4-openssl-14915
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl-devel-0.9.8j-0.106.46.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl0_9_8-0.9.8j-0.106.46.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl0_9_8-hmac-0.9.8j-0.106.46.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:openssl-0.9.8j-0.106.46.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:openssl-doc-0.9.8j-0.106.46.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-0.9.8j-0.106.46.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-0.9.8j-0.106.46.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-0.9.8j-0.106.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-0.9.8j-0.106.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-32bit-0.9.8j-0.106.46.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-32bit-0.9.8j-0.106.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-32bit-0.9.8j-0.106.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.46.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.46.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.46.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-0.9.8j-0.106.46.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-0.9.8j-0.106.46.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-0.9.8j-0.106.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-0.9.8j-0.106.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-doc-0.9.8j-0.106.46.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-doc-0.9.8j-0.106.46.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-doc-0.9.8j-0.106.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-doc-0.9.8j-0.106.46.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
16 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openssl",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for openssl fixes the following issues:\n\n- CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "sleposp3-openssl-14915,slessp4-openssl-14915",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_14915-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:14915-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-202214915-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:14915-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-March/010454.html"
},
{
"category": "self",
"summary": "SUSE Bug 1196877",
"url": "https://bugzilla.suse.com/1196877"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0778 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0778/"
}
],
"title": "Security update for openssl",
"tracking": {
"current_release_date": "2022-03-15T18:29:18Z",
"generator": {
"date": "2022-03-15T18:29:18Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:14915-1",
"initial_release_date": "2022-03-15T18:29:18Z",
"revision_history": [
{
"date": "2022-03-15T18:29:18Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-devel-0.9.8j-0.106.46.1.i586",
"product": {
"name": "libopenssl-devel-0.9.8j-0.106.46.1.i586",
"product_id": "libopenssl-devel-0.9.8j-0.106.46.1.i586"
}
},
{
"category": "product_version",
"name": "libopenssl0_9_8-0.9.8j-0.106.46.1.i586",
"product": {
"name": "libopenssl0_9_8-0.9.8j-0.106.46.1.i586",
"product_id": "libopenssl0_9_8-0.9.8j-0.106.46.1.i586"
}
},
{
"category": "product_version",
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.46.1.i586",
"product": {
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.46.1.i586",
"product_id": "libopenssl0_9_8-hmac-0.9.8j-0.106.46.1.i586"
}
},
{
"category": "product_version",
"name": "openssl-0.9.8j-0.106.46.1.i586",
"product": {
"name": "openssl-0.9.8j-0.106.46.1.i586",
"product_id": "openssl-0.9.8j-0.106.46.1.i586"
}
},
{
"category": "product_version",
"name": "openssl-doc-0.9.8j-0.106.46.1.i586",
"product": {
"name": "openssl-doc-0.9.8j-0.106.46.1.i586",
"product_id": "openssl-doc-0.9.8j-0.106.46.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl0_9_8-0.9.8j-0.106.46.1.ppc64",
"product": {
"name": "libopenssl0_9_8-0.9.8j-0.106.46.1.ppc64",
"product_id": "libopenssl0_9_8-0.9.8j-0.106.46.1.ppc64"
}
},
{
"category": "product_version",
"name": "libopenssl0_9_8-32bit-0.9.8j-0.106.46.1.ppc64",
"product": {
"name": "libopenssl0_9_8-32bit-0.9.8j-0.106.46.1.ppc64",
"product_id": "libopenssl0_9_8-32bit-0.9.8j-0.106.46.1.ppc64"
}
},
{
"category": "product_version",
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.46.1.ppc64",
"product": {
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.46.1.ppc64",
"product_id": "libopenssl0_9_8-hmac-0.9.8j-0.106.46.1.ppc64"
}
},
{
"category": "product_version",
"name": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.46.1.ppc64",
"product": {
"name": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.46.1.ppc64",
"product_id": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.46.1.ppc64"
}
},
{
"category": "product_version",
"name": "openssl-0.9.8j-0.106.46.1.ppc64",
"product": {
"name": "openssl-0.9.8j-0.106.46.1.ppc64",
"product_id": "openssl-0.9.8j-0.106.46.1.ppc64"
}
},
{
"category": "product_version",
"name": "openssl-doc-0.9.8j-0.106.46.1.ppc64",
"product": {
"name": "openssl-doc-0.9.8j-0.106.46.1.ppc64",
"product_id": "openssl-doc-0.9.8j-0.106.46.1.ppc64"
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl0_9_8-0.9.8j-0.106.46.1.s390x",
"product": {
"name": "libopenssl0_9_8-0.9.8j-0.106.46.1.s390x",
"product_id": "libopenssl0_9_8-0.9.8j-0.106.46.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl0_9_8-32bit-0.9.8j-0.106.46.1.s390x",
"product": {
"name": "libopenssl0_9_8-32bit-0.9.8j-0.106.46.1.s390x",
"product_id": "libopenssl0_9_8-32bit-0.9.8j-0.106.46.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.46.1.s390x",
"product": {
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.46.1.s390x",
"product_id": "libopenssl0_9_8-hmac-0.9.8j-0.106.46.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.46.1.s390x",
"product": {
"name": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.46.1.s390x",
"product_id": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.46.1.s390x"
}
},
{
"category": "product_version",
"name": "openssl-0.9.8j-0.106.46.1.s390x",
"product": {
"name": "openssl-0.9.8j-0.106.46.1.s390x",
"product_id": "openssl-0.9.8j-0.106.46.1.s390x"
}
},
{
"category": "product_version",
"name": "openssl-doc-0.9.8j-0.106.46.1.s390x",
"product": {
"name": "openssl-doc-0.9.8j-0.106.46.1.s390x",
"product_id": "openssl-doc-0.9.8j-0.106.46.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl0_9_8-0.9.8j-0.106.46.1.x86_64",
"product": {
"name": "libopenssl0_9_8-0.9.8j-0.106.46.1.x86_64",
"product_id": "libopenssl0_9_8-0.9.8j-0.106.46.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl0_9_8-32bit-0.9.8j-0.106.46.1.x86_64",
"product": {
"name": "libopenssl0_9_8-32bit-0.9.8j-0.106.46.1.x86_64",
"product_id": "libopenssl0_9_8-32bit-0.9.8j-0.106.46.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.46.1.x86_64",
"product": {
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.46.1.x86_64",
"product_id": "libopenssl0_9_8-hmac-0.9.8j-0.106.46.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.46.1.x86_64",
"product": {
"name": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.46.1.x86_64",
"product_id": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.46.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-0.9.8j-0.106.46.1.x86_64",
"product": {
"name": "openssl-0.9.8j-0.106.46.1.x86_64",
"product_id": "openssl-0.9.8j-0.106.46.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-doc-0.9.8j-0.106.46.1.x86_64",
"product": {
"name": "openssl-doc-0.9.8j-0.106.46.1.x86_64",
"product_id": "openssl-doc-0.9.8j-0.106.46.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Point of Sale 11 SP3",
"product": {
"name": "SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-pos:11:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sles:11:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-0.9.8j-0.106.46.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl-devel-0.9.8j-0.106.46.1.i586"
},
"product_reference": "libopenssl-devel-0.9.8j-0.106.46.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-0.9.8j-0.106.46.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl0_9_8-0.9.8j-0.106.46.1.i586"
},
"product_reference": "libopenssl0_9_8-0.9.8j-0.106.46.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.46.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl0_9_8-hmac-0.9.8j-0.106.46.1.i586"
},
"product_reference": "libopenssl0_9_8-hmac-0.9.8j-0.106.46.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0.9.8j-0.106.46.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:openssl-0.9.8j-0.106.46.1.i586"
},
"product_reference": "openssl-0.9.8j-0.106.46.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-0.9.8j-0.106.46.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:openssl-doc-0.9.8j-0.106.46.1.i586"
},
"product_reference": "openssl-doc-0.9.8j-0.106.46.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-0.9.8j-0.106.46.1.i586 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-0.9.8j-0.106.46.1.i586"
},
"product_reference": "libopenssl0_9_8-0.9.8j-0.106.46.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-0.9.8j-0.106.46.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-0.9.8j-0.106.46.1.ppc64"
},
"product_reference": "libopenssl0_9_8-0.9.8j-0.106.46.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-0.9.8j-0.106.46.1.s390x as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-0.9.8j-0.106.46.1.s390x"
},
"product_reference": "libopenssl0_9_8-0.9.8j-0.106.46.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-0.9.8j-0.106.46.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-0.9.8j-0.106.46.1.x86_64"
},
"product_reference": "libopenssl0_9_8-0.9.8j-0.106.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-32bit-0.9.8j-0.106.46.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-32bit-0.9.8j-0.106.46.1.ppc64"
},
"product_reference": "libopenssl0_9_8-32bit-0.9.8j-0.106.46.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-32bit-0.9.8j-0.106.46.1.s390x as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-32bit-0.9.8j-0.106.46.1.s390x"
},
"product_reference": "libopenssl0_9_8-32bit-0.9.8j-0.106.46.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-32bit-0.9.8j-0.106.46.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-32bit-0.9.8j-0.106.46.1.x86_64"
},
"product_reference": "libopenssl0_9_8-32bit-0.9.8j-0.106.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.46.1.i586 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.46.1.i586"
},
"product_reference": "libopenssl0_9_8-hmac-0.9.8j-0.106.46.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.46.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.46.1.ppc64"
},
"product_reference": "libopenssl0_9_8-hmac-0.9.8j-0.106.46.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.46.1.s390x as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.46.1.s390x"
},
"product_reference": "libopenssl0_9_8-hmac-0.9.8j-0.106.46.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.46.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.46.1.x86_64"
},
"product_reference": "libopenssl0_9_8-hmac-0.9.8j-0.106.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.46.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.46.1.ppc64"
},
"product_reference": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.46.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.46.1.s390x as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.46.1.s390x"
},
"product_reference": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.46.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.46.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.46.1.x86_64"
},
"product_reference": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0.9.8j-0.106.46.1.i586 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-0.9.8j-0.106.46.1.i586"
},
"product_reference": "openssl-0.9.8j-0.106.46.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0.9.8j-0.106.46.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-0.9.8j-0.106.46.1.ppc64"
},
"product_reference": "openssl-0.9.8j-0.106.46.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0.9.8j-0.106.46.1.s390x as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-0.9.8j-0.106.46.1.s390x"
},
"product_reference": "openssl-0.9.8j-0.106.46.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0.9.8j-0.106.46.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-0.9.8j-0.106.46.1.x86_64"
},
"product_reference": "openssl-0.9.8j-0.106.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-0.9.8j-0.106.46.1.i586 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-doc-0.9.8j-0.106.46.1.i586"
},
"product_reference": "openssl-doc-0.9.8j-0.106.46.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-0.9.8j-0.106.46.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-doc-0.9.8j-0.106.46.1.ppc64"
},
"product_reference": "openssl-doc-0.9.8j-0.106.46.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-0.9.8j-0.106.46.1.s390x as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-doc-0.9.8j-0.106.46.1.s390x"
},
"product_reference": "openssl-doc-0.9.8j-0.106.46.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-0.9.8j-0.106.46.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-doc-0.9.8j-0.106.46.1.x86_64"
},
"product_reference": "openssl-doc-0.9.8j-0.106.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-0778",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0778"
}
],
"notes": [
{
"category": "general",
"text": "The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl-devel-0.9.8j-0.106.46.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl0_9_8-0.9.8j-0.106.46.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl0_9_8-hmac-0.9.8j-0.106.46.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openssl-0.9.8j-0.106.46.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openssl-doc-0.9.8j-0.106.46.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-0.9.8j-0.106.46.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-0.9.8j-0.106.46.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-0.9.8j-0.106.46.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-0.9.8j-0.106.46.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-32bit-0.9.8j-0.106.46.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-32bit-0.9.8j-0.106.46.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-32bit-0.9.8j-0.106.46.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.46.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.46.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.46.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.46.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.46.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.46.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.46.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-0.9.8j-0.106.46.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-0.9.8j-0.106.46.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-0.9.8j-0.106.46.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-0.9.8j-0.106.46.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-doc-0.9.8j-0.106.46.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-doc-0.9.8j-0.106.46.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-doc-0.9.8j-0.106.46.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-doc-0.9.8j-0.106.46.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0778",
"url": "https://www.suse.com/security/cve/CVE-2022-0778"
},
{
"category": "external",
"summary": "SUSE Bug 1196877 for CVE-2022-0778",
"url": "https://bugzilla.suse.com/1196877"
},
{
"category": "external",
"summary": "SUSE Bug 1197328 for CVE-2022-0778",
"url": "https://bugzilla.suse.com/1197328"
},
{
"category": "external",
"summary": "SUSE Bug 1197340 for CVE-2022-0778",
"url": "https://bugzilla.suse.com/1197340"
},
{
"category": "external",
"summary": "SUSE Bug 1199100 for CVE-2022-0778",
"url": "https://bugzilla.suse.com/1199100"
},
{
"category": "external",
"summary": "SUSE Bug 1199254 for CVE-2022-0778",
"url": "https://bugzilla.suse.com/1199254"
},
{
"category": "external",
"summary": "SUSE Bug 1199303 for CVE-2022-0778",
"url": "https://bugzilla.suse.com/1199303"
},
{
"category": "external",
"summary": "SUSE Bug 1199339 for CVE-2022-0778",
"url": "https://bugzilla.suse.com/1199339"
},
{
"category": "external",
"summary": "SUSE Bug 1200090 for CVE-2022-0778",
"url": "https://bugzilla.suse.com/1200090"
},
{
"category": "external",
"summary": "SUSE Bug 1225670 for CVE-2022-0778",
"url": "https://bugzilla.suse.com/1225670"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl-devel-0.9.8j-0.106.46.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl0_9_8-0.9.8j-0.106.46.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl0_9_8-hmac-0.9.8j-0.106.46.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openssl-0.9.8j-0.106.46.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openssl-doc-0.9.8j-0.106.46.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-0.9.8j-0.106.46.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-0.9.8j-0.106.46.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-0.9.8j-0.106.46.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-0.9.8j-0.106.46.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-32bit-0.9.8j-0.106.46.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-32bit-0.9.8j-0.106.46.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-32bit-0.9.8j-0.106.46.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.46.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.46.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.46.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.46.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.46.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.46.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.46.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-0.9.8j-0.106.46.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-0.9.8j-0.106.46.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-0.9.8j-0.106.46.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-0.9.8j-0.106.46.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-doc-0.9.8j-0.106.46.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-doc-0.9.8j-0.106.46.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-doc-0.9.8j-0.106.46.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-doc-0.9.8j-0.106.46.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl-devel-0.9.8j-0.106.46.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl0_9_8-0.9.8j-0.106.46.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl0_9_8-hmac-0.9.8j-0.106.46.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openssl-0.9.8j-0.106.46.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openssl-doc-0.9.8j-0.106.46.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-0.9.8j-0.106.46.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-0.9.8j-0.106.46.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-0.9.8j-0.106.46.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-0.9.8j-0.106.46.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-32bit-0.9.8j-0.106.46.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-32bit-0.9.8j-0.106.46.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-32bit-0.9.8j-0.106.46.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.46.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.46.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.46.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.46.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.46.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.46.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.46.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-0.9.8j-0.106.46.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-0.9.8j-0.106.46.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-0.9.8j-0.106.46.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-0.9.8j-0.106.46.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-doc-0.9.8j-0.106.46.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-doc-0.9.8j-0.106.46.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-doc-0.9.8j-0.106.46.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-doc-0.9.8j-0.106.46.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-15T18:29:18Z",
"details": "important"
}
],
"title": "CVE-2022-0778"
}
]
}
SUSE-SU-2022:14916-1
Vulnerability from csaf_suse - Published: 2022-03-15 18:36 - Updated: 2022-03-15 18:36Summary
Security update for openssl1
Severity
Important
Notes
Title of the patch: Security update for openssl1
Description of the patch: This update for openssl1 fixes the following issues:
- CVE-2022-0778: Fixed an infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877)
Patchnames: secsp3-openssl1-14916
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.42.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.42.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.42.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.42.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.42.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.42.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.42.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.42.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.58.42.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.58.42.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.58.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-x86-1.0.1g-0.58.42.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.42.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.42.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.42.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.42.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.42.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.42.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.42.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.42.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.42.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
16 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openssl1",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for openssl1 fixes the following issues:\n\n- CVE-2022-0778: Fixed an infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "secsp3-openssl1-14916",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_14916-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:14916-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-202214916-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:14916-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-March/010447.html"
},
{
"category": "self",
"summary": "SUSE Bug 1196877",
"url": "https://bugzilla.suse.com/1196877"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0778 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0778/"
}
],
"title": "Security update for openssl1",
"tracking": {
"current_release_date": "2022-03-15T18:36:27Z",
"generator": {
"date": "2022-03-15T18:36:27Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:14916-1",
"initial_release_date": "2022-03-15T18:36:27Z",
"revision_history": [
{
"date": "2022-03-15T18:36:27Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenssl1-devel-1.0.1g-0.58.42.1.i586",
"product": {
"name": "libopenssl1-devel-1.0.1g-0.58.42.1.i586",
"product_id": "libopenssl1-devel-1.0.1g-0.58.42.1.i586"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.1g-0.58.42.1.i586",
"product": {
"name": "libopenssl1_0_0-1.0.1g-0.58.42.1.i586",
"product_id": "libopenssl1_0_0-1.0.1g-0.58.42.1.i586"
}
},
{
"category": "product_version",
"name": "openssl1-1.0.1g-0.58.42.1.i586",
"product": {
"name": "openssl1-1.0.1g-0.58.42.1.i586",
"product_id": "openssl1-1.0.1g-0.58.42.1.i586"
}
},
{
"category": "product_version",
"name": "openssl1-doc-1.0.1g-0.58.42.1.i586",
"product": {
"name": "openssl1-doc-1.0.1g-0.58.42.1.i586",
"product_id": "openssl1-doc-1.0.1g-0.58.42.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl1-devel-1.0.1g-0.58.42.1.ia64",
"product": {
"name": "libopenssl1-devel-1.0.1g-0.58.42.1.ia64",
"product_id": "libopenssl1-devel-1.0.1g-0.58.42.1.ia64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.1g-0.58.42.1.ia64",
"product": {
"name": "libopenssl1_0_0-1.0.1g-0.58.42.1.ia64",
"product_id": "libopenssl1_0_0-1.0.1g-0.58.42.1.ia64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-x86-1.0.1g-0.58.42.1.ia64",
"product": {
"name": "libopenssl1_0_0-x86-1.0.1g-0.58.42.1.ia64",
"product_id": "libopenssl1_0_0-x86-1.0.1g-0.58.42.1.ia64"
}
},
{
"category": "product_version",
"name": "openssl1-1.0.1g-0.58.42.1.ia64",
"product": {
"name": "openssl1-1.0.1g-0.58.42.1.ia64",
"product_id": "openssl1-1.0.1g-0.58.42.1.ia64"
}
},
{
"category": "product_version",
"name": "openssl1-doc-1.0.1g-0.58.42.1.ia64",
"product": {
"name": "openssl1-doc-1.0.1g-0.58.42.1.ia64",
"product_id": "openssl1-doc-1.0.1g-0.58.42.1.ia64"
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl1-devel-1.0.1g-0.58.42.1.ppc64",
"product": {
"name": "libopenssl1-devel-1.0.1g-0.58.42.1.ppc64",
"product_id": "libopenssl1-devel-1.0.1g-0.58.42.1.ppc64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.1g-0.58.42.1.ppc64",
"product": {
"name": "libopenssl1_0_0-1.0.1g-0.58.42.1.ppc64",
"product_id": "libopenssl1_0_0-1.0.1g-0.58.42.1.ppc64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-32bit-1.0.1g-0.58.42.1.ppc64",
"product": {
"name": "libopenssl1_0_0-32bit-1.0.1g-0.58.42.1.ppc64",
"product_id": "libopenssl1_0_0-32bit-1.0.1g-0.58.42.1.ppc64"
}
},
{
"category": "product_version",
"name": "openssl1-1.0.1g-0.58.42.1.ppc64",
"product": {
"name": "openssl1-1.0.1g-0.58.42.1.ppc64",
"product_id": "openssl1-1.0.1g-0.58.42.1.ppc64"
}
},
{
"category": "product_version",
"name": "openssl1-doc-1.0.1g-0.58.42.1.ppc64",
"product": {
"name": "openssl1-doc-1.0.1g-0.58.42.1.ppc64",
"product_id": "openssl1-doc-1.0.1g-0.58.42.1.ppc64"
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl1-devel-1.0.1g-0.58.42.1.s390x",
"product": {
"name": "libopenssl1-devel-1.0.1g-0.58.42.1.s390x",
"product_id": "libopenssl1-devel-1.0.1g-0.58.42.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.1g-0.58.42.1.s390x",
"product": {
"name": "libopenssl1_0_0-1.0.1g-0.58.42.1.s390x",
"product_id": "libopenssl1_0_0-1.0.1g-0.58.42.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-32bit-1.0.1g-0.58.42.1.s390x",
"product": {
"name": "libopenssl1_0_0-32bit-1.0.1g-0.58.42.1.s390x",
"product_id": "libopenssl1_0_0-32bit-1.0.1g-0.58.42.1.s390x"
}
},
{
"category": "product_version",
"name": "openssl1-1.0.1g-0.58.42.1.s390x",
"product": {
"name": "openssl1-1.0.1g-0.58.42.1.s390x",
"product_id": "openssl1-1.0.1g-0.58.42.1.s390x"
}
},
{
"category": "product_version",
"name": "openssl1-doc-1.0.1g-0.58.42.1.s390x",
"product": {
"name": "openssl1-doc-1.0.1g-0.58.42.1.s390x",
"product_id": "openssl1-doc-1.0.1g-0.58.42.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl1-devel-1.0.1g-0.58.42.1.x86_64",
"product": {
"name": "libopenssl1-devel-1.0.1g-0.58.42.1.x86_64",
"product_id": "libopenssl1-devel-1.0.1g-0.58.42.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.1g-0.58.42.1.x86_64",
"product": {
"name": "libopenssl1_0_0-1.0.1g-0.58.42.1.x86_64",
"product_id": "libopenssl1_0_0-1.0.1g-0.58.42.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-32bit-1.0.1g-0.58.42.1.x86_64",
"product": {
"name": "libopenssl1_0_0-32bit-1.0.1g-0.58.42.1.x86_64",
"product_id": "libopenssl1_0_0-32bit-1.0.1g-0.58.42.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssl1-1.0.1g-0.58.42.1.x86_64",
"product": {
"name": "openssl1-1.0.1g-0.58.42.1.x86_64",
"product_id": "openssl1-1.0.1g-0.58.42.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssl1-doc-1.0.1g-0.58.42.1.x86_64",
"product": {
"name": "openssl1-doc-1.0.1g-0.58.42.1.x86_64",
"product_id": "openssl1-doc-1.0.1g-0.58.42.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11-SECURITY",
"product": {
"name": "SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:11:security"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1-devel-1.0.1g-0.58.42.1.i586 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.42.1.i586"
},
"product_reference": "libopenssl1-devel-1.0.1g-0.58.42.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1-devel-1.0.1g-0.58.42.1.ia64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.42.1.ia64"
},
"product_reference": "libopenssl1-devel-1.0.1g-0.58.42.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1-devel-1.0.1g-0.58.42.1.ppc64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.42.1.ppc64"
},
"product_reference": "libopenssl1-devel-1.0.1g-0.58.42.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1-devel-1.0.1g-0.58.42.1.s390x as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.42.1.s390x"
},
"product_reference": "libopenssl1-devel-1.0.1g-0.58.42.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1-devel-1.0.1g-0.58.42.1.x86_64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.42.1.x86_64"
},
"product_reference": "libopenssl1-devel-1.0.1g-0.58.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.1g-0.58.42.1.i586 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.42.1.i586"
},
"product_reference": "libopenssl1_0_0-1.0.1g-0.58.42.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.1g-0.58.42.1.ia64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.42.1.ia64"
},
"product_reference": "libopenssl1_0_0-1.0.1g-0.58.42.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.1g-0.58.42.1.ppc64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.42.1.ppc64"
},
"product_reference": "libopenssl1_0_0-1.0.1g-0.58.42.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.1g-0.58.42.1.s390x as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.42.1.s390x"
},
"product_reference": "libopenssl1_0_0-1.0.1g-0.58.42.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.1g-0.58.42.1.x86_64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.42.1.x86_64"
},
"product_reference": "libopenssl1_0_0-1.0.1g-0.58.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.1g-0.58.42.1.ppc64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.58.42.1.ppc64"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.1g-0.58.42.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.1g-0.58.42.1.s390x as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.58.42.1.s390x"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.1g-0.58.42.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.1g-0.58.42.1.x86_64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.58.42.1.x86_64"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.1g-0.58.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-x86-1.0.1g-0.58.42.1.ia64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-x86-1.0.1g-0.58.42.1.ia64"
},
"product_reference": "libopenssl1_0_0-x86-1.0.1g-0.58.42.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl1-1.0.1g-0.58.42.1.i586 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.42.1.i586"
},
"product_reference": "openssl1-1.0.1g-0.58.42.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl1-1.0.1g-0.58.42.1.ia64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.42.1.ia64"
},
"product_reference": "openssl1-1.0.1g-0.58.42.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl1-1.0.1g-0.58.42.1.ppc64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.42.1.ppc64"
},
"product_reference": "openssl1-1.0.1g-0.58.42.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl1-1.0.1g-0.58.42.1.s390x as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.42.1.s390x"
},
"product_reference": "openssl1-1.0.1g-0.58.42.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl1-1.0.1g-0.58.42.1.x86_64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.42.1.x86_64"
},
"product_reference": "openssl1-1.0.1g-0.58.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl1-doc-1.0.1g-0.58.42.1.i586 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.42.1.i586"
},
"product_reference": "openssl1-doc-1.0.1g-0.58.42.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl1-doc-1.0.1g-0.58.42.1.ia64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.42.1.ia64"
},
"product_reference": "openssl1-doc-1.0.1g-0.58.42.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl1-doc-1.0.1g-0.58.42.1.ppc64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.42.1.ppc64"
},
"product_reference": "openssl1-doc-1.0.1g-0.58.42.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl1-doc-1.0.1g-0.58.42.1.s390x as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.42.1.s390x"
},
"product_reference": "openssl1-doc-1.0.1g-0.58.42.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl1-doc-1.0.1g-0.58.42.1.x86_64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.42.1.x86_64"
},
"product_reference": "openssl1-doc-1.0.1g-0.58.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-0778",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0778"
}
],
"notes": [
{
"category": "general",
"text": "The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.42.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.42.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.42.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.42.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.42.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.42.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.42.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.42.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.42.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.42.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.58.42.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.58.42.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.58.42.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-x86-1.0.1g-0.58.42.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.42.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.42.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.42.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.42.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.42.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.42.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.42.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.42.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.42.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.42.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0778",
"url": "https://www.suse.com/security/cve/CVE-2022-0778"
},
{
"category": "external",
"summary": "SUSE Bug 1196877 for CVE-2022-0778",
"url": "https://bugzilla.suse.com/1196877"
},
{
"category": "external",
"summary": "SUSE Bug 1197328 for CVE-2022-0778",
"url": "https://bugzilla.suse.com/1197328"
},
{
"category": "external",
"summary": "SUSE Bug 1197340 for CVE-2022-0778",
"url": "https://bugzilla.suse.com/1197340"
},
{
"category": "external",
"summary": "SUSE Bug 1199100 for CVE-2022-0778",
"url": "https://bugzilla.suse.com/1199100"
},
{
"category": "external",
"summary": "SUSE Bug 1199254 for CVE-2022-0778",
"url": "https://bugzilla.suse.com/1199254"
},
{
"category": "external",
"summary": "SUSE Bug 1199303 for CVE-2022-0778",
"url": "https://bugzilla.suse.com/1199303"
},
{
"category": "external",
"summary": "SUSE Bug 1199339 for CVE-2022-0778",
"url": "https://bugzilla.suse.com/1199339"
},
{
"category": "external",
"summary": "SUSE Bug 1200090 for CVE-2022-0778",
"url": "https://bugzilla.suse.com/1200090"
},
{
"category": "external",
"summary": "SUSE Bug 1225670 for CVE-2022-0778",
"url": "https://bugzilla.suse.com/1225670"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.42.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.42.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.42.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.42.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.42.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.42.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.42.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.42.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.42.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.42.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.58.42.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.58.42.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.58.42.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-x86-1.0.1g-0.58.42.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.42.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.42.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.42.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.42.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.42.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.42.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.42.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.42.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.42.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.42.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.42.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.42.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.42.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.42.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.42.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.42.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.42.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.42.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.42.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.42.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.58.42.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.58.42.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.58.42.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-x86-1.0.1g-0.58.42.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.42.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.42.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.42.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.42.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.42.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.42.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.42.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.42.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.42.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.42.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-15T18:36:27Z",
"details": "important"
}
],
"title": "CVE-2022-0778"
}
]
}
VAR-202203-0005
Vulnerability from variot - Updated: 2025-12-22 22:11The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc). OpenSSL Project Than, OpenSSL Security Advisory [15 March 2022] Has been published. Severity − High ( Severity: High ) OpenSSL of BN_mod_sqrt() Computes the square root in a finite field. BN_mod_sqrt() Has the problem of causing an infinite loop if the law is non-prime. Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2021-2372) Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). (CVE-2021-2389) Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). (CVE-2021-35604) get_sort_by_table in MariaDB prior to 10.6.2 allows an application crash via certain subquery uses of ORDER BY. (CVE-2021-46657) save_window_function_values in MariaDB prior to 10.6.3 allows an application crash because of incorrect handling of with_window_func=true for a subquery. (CVE-2021-46658) MariaDB prior to 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW. (CVE-2021-46659) MariaDB up to and including 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE). (CVE-2021-46661) MariaDB up to and including 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery. (CVE-2021-46662) MariaDB up to and including 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements. (CVE-2021-46663) MariaDB up to and including 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr. (CVE-2021-46664) MariaDB up to and including 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations. (CVE-2021-46665) MariaDB prior to 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause. (CVE-2021-46666) An integer overflow vulnerability was found in MariaDB, where an invalid size of ref_pointer_array is allocated. This issue results in a denial of service. (CVE-2021-46667) MariaDB up to and including 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures. (CVE-2021-46668) A use-after-free vulnerability was found in MariaDB. This flaw allows malicious users to trigger a convert_const_to_int() use-after-free when the BIGINT data type is used, resulting in a denial of service. (CVE-2022-0778) (CVE-2022-0778) Vulnerability in the MySQL Server product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2022-21595) MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local malicious users to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191. (CVE-2022-24048) MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local malicious users to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16207. (CVE-2022-24050) MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local malicious users to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16193. (CVE-2022-24051) A flaw was found in MariaDB. Lack of input validation leads to a heap buffer overflow. This flaw allows an authenticated, local attacker with at least a low level of privileges to submit a crafted SQL query to MariaDB and escalate their privileges to the level of the MariaDB service user, running arbitrary code. (CVE-2022-24052) MariaDB Server v10.6.5 and below exists to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376) MariaDB Server v10.6.3 and below exists to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377) An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below exists to allow malicious users to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378) An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below exists to allow malicious users to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27379) An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below exists to allow malicious users to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380) An issue in the component Field::set_default of MariaDB Server v10.6 and below exists to allow malicious users to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381) MariaDB Server v10.7 and below exists to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382) MariaDB Server v10.6 and below exists to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383) An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below exists to allow malicious users to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27384) An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 and below exists to allow malicious users to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27385) MariaDB Server v10.7 and below exists to contain a segmentation fault via the component sql/sql_class.cc. (CVE-2022-27386) MariaDB Server v10.7 and below exists to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387) MariaDB Server v10.9 and below exists to contain a segmentation fault via the component sql/item_subselect.cc. (CVE-2022-27444) MariaDB Server v10.9 and below exists to contain a segmentation fault via the component sql/sql_window.cc. (CVE-2022-27445) MariaDB Server v10.9 and below exists to contain a segmentation fault via the component sql/item_cmpfunc.h. (CVE-2022-27446) MariaDB Server v10.9 and below exists to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447) There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc. (CVE-2022-27448) MariaDB Server v10.9 and below exists to contain a segmentation fault via the component sql/item_func.cc:148. (CVE-2022-27449) MariaDB Server v10.9 and below exists to contain a segmentation fault via the component sql/field_conv.cc. (CVE-2022-27451) MariaDB Server v10.9 and below exists to contain a segmentation fault via the component sql/item_cmpfunc.cc. (CVE-2022-27452) MariaDB Server v10.6.3 and below exists to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455) MariaDB Server v10.6.3 and below exists to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc. (CVE-2022-27456) MariaDB Server v10.6.3 and below exists to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457) MariaDB Server v10.6.3 and below exists to contain an use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458) MariaDB Server prior to 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31622) MariaDB Server prior to 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31623) MariaDB Server prior to 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31624) MariaDB v10.4 to v10.7 exists to contain an use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc. (CVE-2022-32081) MariaDB v10.5 to v10.7 exists to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc. (CVE-2022-32082) MariaDB v10.2 to v10.6.1 exists to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker. (CVE-2022-32083) MariaDB v10.2 to v10.7 exists to contain a segmentation fault via the component sub_select. (CVE-2022-32084) MariaDB v10.2 to v10.7 exists to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor. (CVE-2022-32085) MariaDB v10.4 to v10.8 exists to contain a segmentation fault via the component Item_field::fix_outer_field. (CVE-2022-32086) MariaDB v10.2 to v10.7 exists to contain a segmentation fault via the component Item_args::walk_args. (CVE-2022-32087) MariaDB v10.2 to v10.7 exists to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort. (CVE-2022-32088) MariaDB v10.5 to v10.7 exists to contain a segmentation fault via the component st_select_lex_unit::exclude_level. (CVE-2022-32089) MariaDB v10.7 exists to contain an use-after-poison in in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc. (CVE-2022-32091) In MariaDB prior to 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock. (CVE-2022-38791). See the following advisory for the RPM packages for this release:
https://access.redhat.com/errata/RHBA-2022:1355
Space precludes documenting all of the container images in this advisory.
You may download the oc tool and use it to inspect release image metadata as follows:
(For x86_64 architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.10.10-x86_64
The image digest is sha256:39efe13ef67cb4449f5e6cdd8a26c83c07c6a2ce5d235dfbc3ba58c64418fcf3
(For s390x architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.10.10-s390x
The image digest is sha256:49b63b22bc221e29e804fc3cc769c6eff97c655a1f5017f429aa0dad2593a0a8
(For ppc64le architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.10.10-ppc64le
The image digest is sha256:0d34e1198679a500a3af7acbdfba7864565f7c4f5367ca428d34dee9a9912c9c
(For aarch64 architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.10.10-aarch64
The image digest is sha256:ddf6cb04e74ac88874793a3c0538316c9ac8ff154267984c8a4ea7047913e1db
All OpenShift Container Platform 4.10 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html
- Solution:
For OpenShift Container Platform 4.10 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html
- Bugs fixed (https://bugzilla.redhat.com/):
2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter 2050118 - 4.10: oVirt CSI driver should use the trusted CA bundle when cluster proxy is configured 2052414 - Start last run action should contain current user name in the started-by annotation of the PLR 2054404 - ip-reconcile job is failing consistently 2054767 - [ovn] Missing lr-policy-list and snat rules for egressip when new pods are added 2054808 - MetaLLB: Validation Webhook: BGPPeer hold time is allowed to be set to less than 3s 2055661 - migrate loadbalancers from amphora to ovn not working 2057881 - MetalLB: speaker metrics is not updated when deleting a service 2059347 - FSyncControllerDegraded latches True, even after fsync latency recovers on all members 2059945 - MetalLB: Move CI config files to metallb repo from dev-scripts repo 2060362 - Openshift registry starts to segfault after S3 storage configuration 2060586 - [4.10.z] [RFE] use /dev/ptp_hyperv on Azure/AzureStack 2064204 - Cachito request failure with vendor directory is out of sync with go.mod/go.sum 2064988 - Fix the hubUrl docs link in pipeline quicksearch modal 2065488 - ip-reconciler job does not complete, halts node drain 2065832 - oc mirror hangs when processing the Red Hat 4.10 catalog 2067311 - PPT event source is lost when received by the consumer 2067719 - Update channels information link is taking to a 404 error page 2069095 - cluster-autoscaler-default will fail when automated etcd defrag is running on large scale OpenShift Container Platform 4 - Cluster 2069913 - Disabling community tasks is not working 2070131 - Installation of Openshift virtualization fails with error service "hco-webhook-service" not found 2070492 - [4.10.z backport] On OCP 4.10+ using OVNK8s on BM IPI, nodes register as localhost.localdomain 2070525 - [OCPonRHV]- after few days that cluster is alive we got error in storage operator 2071479 - Thanos Querier high CPU and memory usage till OOM 2072191 - [4.10] cluster storage operator AWS credentialsrequest lacks KMS privileges 2072440 - Pipeline builder makes too many (100+) API calls upfront 2072928 - mapi_current_pending_csr is always set to 1 on OpenShift Container Platform
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6
macOS Big Sur 11.6.6 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213256.
apache Available for: macOS Big Sur Impact: Multiple issues in apache Description: Multiple issues were addressed by updating apache to version 2.4.53. CVE-2021-44224 CVE-2021-44790 CVE-2022-22719 CVE-2022-22720 CVE-2022-22721
AppKit Available for: macOS Big Sur Impact: A malicious application may be able to gain root privileges Description: A logic issue was addressed with improved validation. CVE-2022-22665: Lockheed Martin Red Team
AppleAVD Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22675: an anonymous researcher
AppleGraphicsControl Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative
AppleScript Available for: macOS Big Sur Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-26698: Qi Sun of Trend Micro
AppleScript Available for: macOS Big Sur Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-26697: Qi Sun and Robert Ai of Trend Micro
CoreTypes Available for: macOS Big Sur Impact: A malicious application may bypass Gatekeeper checks Description: This issue was addressed with improved checks to prevent unauthorized actions. CVE-2022-22663: Arsenii Kostromin (0x3c3e)
CVMS Available for: macOS Big Sur Impact: A malicious application may be able to gain root privileges Description: A memory initialization issue was addressed. CVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori CVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori
DriverKit Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An out-of-bounds access issue was addressed with improved bounds checking. CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)
Graphics Drivers Available for: macOS Big Sur Impact: A local user may be able to read kernel memory Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. CVE-2022-22674: an anonymous researcher
Intel Graphics Driver Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26720: Liu Long of Ant Security Light-Year Lab
Intel Graphics Driver Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-26770: Liu Long of Ant Security Light-Year Lab
Intel Graphics Driver Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-26756: Jack Dates of RET2 Systems, Inc
Intel Graphics Driver Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26769: Antonio Zekic (@antoniozekic)
Intel Graphics Driver Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro Zero Day Initiative
IOMobileFrameBuffer Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-26768: an anonymous researcher
Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs (@starlabs_sg)
Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-26757: Ned Williamson of Google Project Zero
LaunchServices Available for: macOS Big Sur Impact: A malicious application may be able to bypass Privacy preferences Description: The issue was addressed with additional permissions checks. CVE-2022-26767: Wojciech Reguła (@_r3ggi) of SecuRing
LaunchServices Available for: macOS Big Sur Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with additional sandbox restrictions on third-party applications. CVE-2022-26706: Arsenii Kostromin (0x3c3e)
libresolv Available for: macOS Big Sur Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-26776: Zubair Ashraf of Crowdstrike, Max Shavrick (@_mxms) of the Google Security Team
LibreSSL Available for: macOS Big Sur Impact: Processing a maliciously crafted certificate may lead to a denial of service Description: A denial of service issue was addressed with improved input validation. CVE-2022-0778
libxml2 Available for: macOS Big Sur Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2022-23308
OpenSSL Available for: macOS Big Sur Impact: Processing a maliciously crafted certificate may lead to a denial of service Description: This issue was addressed with improved checks. CVE-2022-0778
PackageKit Available for: macOS Big Sur Impact: A malicious application may be able to modify protected parts of the file system Description: This issue was addressed by removing the vulnerable code. CVE-2022-26712: Mickey Jin (@patch1t)
Printing Available for: macOS Big Sur Impact: A malicious application may be able to bypass Privacy preferences Description: This issue was addressed by removing the vulnerable code. CVE-2022-26746: @gorelics
Security Available for: macOS Big Sur Impact: A malicious app may be able to bypass signature validation Description: A certificate parsing issue was addressed with improved checks. CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)
SMB Available for: macOS Big Sur Impact: An application may be able to gain elevated privileges Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-26718: Peter Nguyễn Vũ Hoàng of STAR Labs
SMB Available for: macOS Big Sur Impact: Mounting a maliciously crafted Samba network share may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26723: Felix Poulin-Belanger
SMB Available for: macOS Big Sur Impact: An application may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26715: Peter Nguyễn Vũ Hoàng of STAR Labs
SoftwareUpdate Available for: macOS Big Sur Impact: A malicious application may be able to access restricted files Description: This issue was addressed with improved entitlements. CVE-2022-26728: Mickey Jin (@patch1t)
TCC Available for: macOS Big Sur Impact: An app may be able to capture a user's screen Description: This issue was addressed with improved checks. CVE-2022-26726: an anonymous researcher
Tcl Available for: macOS Big Sur Impact: A malicious application may be able to break out of its sandbox Description: This issue was addressed with improved environment sanitization. CVE-2022-26755: Arsenii Kostromin (0x3c3e)
Vim Available for: macOS Big Sur Impact: Multiple issues in Vim Description: Multiple issues were addressed by updating Vim. CVE-2021-4136 CVE-2021-4166 CVE-2021-4173 CVE-2021-4187 CVE-2021-4192 CVE-2021-4193 CVE-2021-46059 CVE-2022-0128
WebKit Available for: macOS Big Sur Impact: Processing a maliciously crafted mail message may lead to running arbitrary javascript Description: A validation issue was addressed with improved input sanitization. CVE-2022-22589: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu of Palo Alto Networks (paloaltonetworks.com)
Wi-Fi Available for: macOS Big Sur Impact: A malicious application may disclose restricted memory Description: A memory corruption issue was addressed with improved validation. CVE-2022-26745: an anonymous researcher
Wi-Fi Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2022-26761: Wang Yu of Cyberserval
zip Available for: macOS Big Sur Impact: Processing a maliciously crafted file may lead to a denial of service Description: A denial of service issue was addressed with improved state handling. CVE-2022-0530
zlib Available for: macOS Big Sur Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2018-25032: Tavis Ormandy
zsh Available for: macOS Big Sur Impact: A remote attacker may be able to cause arbitrary code execution Description: This issue was addressed by updating to zsh version 5.8.1. CVE-2021-45444
Additional recognition
Bluetooth We would like to acknowledge Jann Horn of Project Zero for their assistance.
macOS Big Sur 11.6.6 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TUACgkQeC9qKD1p rhgJBg/9HpPp6P2OtFdYHigfaoga/3szMAjXC650MlC2rF1lXyTRVsO54eupz4er K8Iud3+YnDVTUKkadftWt2XdxAADGtfEFhJW584RtnWjeli+XtGEjQ8jD1/MNPJW qtnrOh2pYG9SxolKDofhiecbYxIGppRKSDRFl0/3VGFed2FIpiRDunlttHBEhHu/ vZVSFzMrNbGvhju+ZCdwFLKXOgB851aRSeo9Xkt63tSGiee7rLmVAINyFbbPwcVP yXwMvn0TNodCBn0wBWD0+iQ3UXIDIYSPaM1Z0BQxVraEhK3Owro3JKgqNbWswMvj SY0KUulbAPs3aOeyz1BI70npYA3+Qwd+bk2hxbzbU/AxvxCrsEk04QfxLYqvj0mR VZYPcup2KAAkiTeekQ5X739r8NAyaaI+bp7FllFv/Z2jVW9kGgNIFr46R05MD9NF aC1JAZtJ4VWbMEGHnHAMrOgdGaHpryvzl2BjUXRgW27vIq5uF5YiNcpjS2BezTFc R2ojiMNRB33Y44LlH7Zv3gHm4bE3+NzcGeWvBzwOsHznk9Jiv6x2eBUxkttMlPyO zymQMONQN3bktSMT8JnmJ8rlEgISONd7NeTEzuhlGIWaWNAFmmBoPnBiPk+yC3n4 d22yFs6DLp2pJ+0zOWmTcqt1xYng05Jwj4F0KT49w0TO9Up79+o= =rtPl -----END PGP SIGNATURE-----
. Bugs fixed (https://bugzilla.redhat.com/):
2066837 - CVE-2022-24769 moby: Default inheritable capabilities for linux container should be empty
- The updated image includes bug and security fixes. Solution:
If you are using the RHACS 3.68.1, you are advised to upgrade to patch release 3.68.2. Bugs fixed (https://bugzilla.redhat.com/):
2090957 - CVE-2022-1902 stackrox: Improper sanitization allows users to retrieve Notifier secrets from GraphQL API in plaintext
- JIRA issues fixed (https://issues.jboss.org/):
ROX-11391 - Release RHACS 3.68.2 ROX-9657 - Patch supported RHACS images previous to 3.69.0 release to fix RHSA-2022:0658
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: openssl security update Advisory ID: RHSA-2022:1078-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:1078 Issue date: 2022-03-28 CVE Names: CVE-2022-0778 ==================================================================== 1. Summary:
An update for openssl is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support, Red Hat Enterprise Linux 7.6 Telco Extended Update Support, and Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Server AUS (v. 7.6) - x86_64 Red Hat Enterprise Linux Server E4S (v. 7.6) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.6) - x86_64 Red Hat Enterprise Linux Server Optional E4S (v. 7.6) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 7.6) - x86_64 Red Hat Enterprise Linux Server TUS (v. 7.6) - x86_64
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Security Fix(es):
- openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
- Package List:
Red Hat Enterprise Linux Server AUS (v. 7.6):
Source: openssl-1.0.2k-18.el7_6.src.rpm
x86_64: openssl-1.0.2k-18.el7_6.x86_64.rpm openssl-debuginfo-1.0.2k-18.el7_6.i686.rpm openssl-debuginfo-1.0.2k-18.el7_6.x86_64.rpm openssl-devel-1.0.2k-18.el7_6.i686.rpm openssl-devel-1.0.2k-18.el7_6.x86_64.rpm openssl-libs-1.0.2k-18.el7_6.i686.rpm openssl-libs-1.0.2k-18.el7_6.x86_64.rpm
Red Hat Enterprise Linux Server E4S (v. 7.6):
Source: openssl-1.0.2k-18.el7_6.src.rpm
ppc64le: openssl-1.0.2k-18.el7_6.ppc64le.rpm openssl-debuginfo-1.0.2k-18.el7_6.ppc64le.rpm openssl-devel-1.0.2k-18.el7_6.ppc64le.rpm openssl-libs-1.0.2k-18.el7_6.ppc64le.rpm
x86_64: openssl-1.0.2k-18.el7_6.x86_64.rpm openssl-debuginfo-1.0.2k-18.el7_6.i686.rpm openssl-debuginfo-1.0.2k-18.el7_6.x86_64.rpm openssl-devel-1.0.2k-18.el7_6.i686.rpm openssl-devel-1.0.2k-18.el7_6.x86_64.rpm openssl-libs-1.0.2k-18.el7_6.i686.rpm openssl-libs-1.0.2k-18.el7_6.x86_64.rpm
Red Hat Enterprise Linux Server TUS (v. 7.6):
Source: openssl-1.0.2k-18.el7_6.src.rpm
x86_64: openssl-1.0.2k-18.el7_6.x86_64.rpm openssl-debuginfo-1.0.2k-18.el7_6.i686.rpm openssl-debuginfo-1.0.2k-18.el7_6.x86_64.rpm openssl-devel-1.0.2k-18.el7_6.i686.rpm openssl-devel-1.0.2k-18.el7_6.x86_64.rpm openssl-libs-1.0.2k-18.el7_6.i686.rpm openssl-libs-1.0.2k-18.el7_6.x86_64.rpm
Red Hat Enterprise Linux Server Optional AUS (v. 7.6):
x86_64: openssl-debuginfo-1.0.2k-18.el7_6.i686.rpm openssl-debuginfo-1.0.2k-18.el7_6.x86_64.rpm openssl-perl-1.0.2k-18.el7_6.x86_64.rpm openssl-static-1.0.2k-18.el7_6.i686.rpm openssl-static-1.0.2k-18.el7_6.x86_64.rpm
Red Hat Enterprise Linux Server Optional E4S (v. 7.6):
ppc64le: openssl-debuginfo-1.0.2k-18.el7_6.ppc64le.rpm openssl-perl-1.0.2k-18.el7_6.ppc64le.rpm openssl-static-1.0.2k-18.el7_6.ppc64le.rpm
x86_64: openssl-debuginfo-1.0.2k-18.el7_6.i686.rpm openssl-debuginfo-1.0.2k-18.el7_6.x86_64.rpm openssl-perl-1.0.2k-18.el7_6.x86_64.rpm openssl-static-1.0.2k-18.el7_6.i686.rpm openssl-static-1.0.2k-18.el7_6.x86_64.rpm
Red Hat Enterprise Linux Server Optional TUS (v. 7.6):
x86_64: openssl-debuginfo-1.0.2k-18.el7_6.i686.rpm openssl-debuginfo-1.0.2k-18.el7_6.x86_64.rpm openssl-perl-1.0.2k-18.el7_6.x86_64.rpm openssl-static-1.0.2k-18.el7_6.i686.rpm openssl-static-1.0.2k-18.el7_6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2022-0778 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. Summary:
Red Hat OpenShift Virtualization release 4.11.0 is now available with updates to packages and images that fix several bugs and add enhancements. Description:
OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.
This advisory contains the following OpenShift Virtualization 4.11.0 images:
RHEL-8-CNV-4.11 ==============hostpath-provisioner-container-v4.11.0-21 kubevirt-tekton-tasks-operator-container-v4.11.0-29 kubevirt-template-validator-container-v4.11.0-17 bridge-marker-container-v4.11.0-26 hostpath-csi-driver-container-v4.11.0-21 cluster-network-addons-operator-container-v4.11.0-26 ovs-cni-marker-container-v4.11.0-26 virtio-win-container-v4.11.0-16 ovs-cni-plugin-container-v4.11.0-26 kubemacpool-container-v4.11.0-26 hostpath-provisioner-operator-container-v4.11.0-24 cnv-containernetworking-plugins-container-v4.11.0-26 kubevirt-ssp-operator-container-v4.11.0-54 virt-cdi-uploadserver-container-v4.11.0-59 virt-cdi-cloner-container-v4.11.0-59 virt-cdi-operator-container-v4.11.0-59 virt-cdi-importer-container-v4.11.0-59 virt-cdi-uploadproxy-container-v4.11.0-59 virt-cdi-controller-container-v4.11.0-59 virt-cdi-apiserver-container-v4.11.0-59 kubevirt-tekton-tasks-modify-vm-template-container-v4.11.0-7 kubevirt-tekton-tasks-create-vm-from-template-container-v4.11.0-7 kubevirt-tekton-tasks-copy-template-container-v4.11.0-7 checkup-framework-container-v4.11.0-67 kubevirt-tekton-tasks-cleanup-vm-container-v4.11.0-7 kubevirt-tekton-tasks-disk-virt-sysprep-container-v4.11.0-7 kubevirt-tekton-tasks-wait-for-vmi-status-container-v4.11.0-7 kubevirt-tekton-tasks-disk-virt-customize-container-v4.11.0-7 vm-network-latency-checkup-container-v4.11.0-67 kubevirt-tekton-tasks-create-datavolume-container-v4.11.0-7 hyperconverged-cluster-webhook-container-v4.11.0-95 cnv-must-gather-container-v4.11.0-62 hyperconverged-cluster-operator-container-v4.11.0-95 kubevirt-console-plugin-container-v4.11.0-83 virt-controller-container-v4.11.0-105 virt-handler-container-v4.11.0-105 virt-operator-container-v4.11.0-105 virt-launcher-container-v4.11.0-105 virt-artifacts-server-container-v4.11.0-105 virt-api-container-v4.11.0-105 libguestfs-tools-container-v4.11.0-105 hco-bundle-registry-container-v4.11.0-587
Security Fix(es):
-
golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)
-
kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)
-
golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)
-
golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)
-
prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)
-
golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)
-
golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)
-
golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)
-
golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)
-
golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921)
-
golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)
-
golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):
1937609 - VM cannot be restarted
1945593 - Live migration should be blocked for VMs with host devices
1968514 - [RFE] Add cancel migration action to virtctl
1993109 - CNV MacOS Client not signed
1994604 - [RFE] - Add a feature to virtctl to print out a message if virtctl is a different version than the server side
2001385 - no "name" label in virt-operator pod
2009793 - KBase to clarify nested support status is missing
2010318 - with sysprep config data as cfgmap volume and as cdrom disk a windows10 VMI fails to LiveMigrate
2025276 - No permissions when trying to clone to a different namespace (as Kubeadmin)
2025401 - [TEST ONLY] [CNV+OCS/ODF] Virtualization poison pill implemenation
2026357 - Migration in sequence can be reported as failed even when it succeeded
2029349 - cluster-network-addons-operator does not serve metrics through HTTPS
2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache
2030806 - CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error
2031857 - Add annotation for URL to download the image
2033077 - KubeVirtComponentExceedsRequestedMemory Prometheus Rule is Failing to Evaluate
2035344 - kubemacpool-mac-controller-manager not ready
2036676 - NoReadyVirtController and NoReadyVirtOperator are never triggered
2039976 - Pod stuck in "Terminating" state when removing VM with kernel boot and container disks
2040766 - A crashed Windows VM cannot be restarted with virtctl or the UI
2041467 - [SSP] Support custom DataImportCron creating in custom namespaces
2042402 - LiveMigration with postcopy misbehave when failure occurs
2042809 - sysprep disk requires autounattend.xml if an unattend.xml exists
2045086 - KubeVirtComponentExceedsRequestedMemory Prometheus Rule is Failing to Evaluate
2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter
2047186 - When entering to a RH supported template, it changes the project (namespace) to ?OpenShift?
2051899 - 4.11.0 containers
2052094 - [rhel9-cnv] VM fails to start, virt-handler error msg: Couldn't configure ip nat rules
2052466 - Event does not include reason for inability to live migrate
2052689 - Overhead Memory consumption calculations are incorrect
2053429 - CVE-2022-23806 golang: crypto/elliptic: IsOnCurve returns true for invalid field elements
2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString
2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control
2056467 - virt-template-validator pods getting scheduled on the same node
2057157 - [4.10.0] HPP-CSI-PVC fails to bind PVC when node fqdn is long
2057310 - qemu-guest-agent does not report information due to selinux denials
2058149 - cluster-network-addons-operator deployment's MULTUS_IMAGE is pointing to brew image
2058925 - Must-gather: for vms with longer name, gather_vms_details fails to collect qemu, dump xml logs
2059121 - [CNV-4.11-rhel9] virt-handler pod CrashLoopBackOff state
2060485 - virtualMachine with duplicate interfaces name causes MACs to be rejected by Kubemacpool
2060585 - [SNO] Failed to find the virt-controller leader pod
2061208 - Cannot delete network Interface if VM has multiqueue for networking enabled.
2061723 - Prevent new DataImportCron to manage DataSource if multiple DataImportCron pointing to same DataSource
2063540 - [CNV-4.11] Authorization Failed When Cloning Source Namespace
2063792 - No DataImportCron for CentOS 7
2064034 - On an upgraded cluster NetworkAddonsConfig seems to be reconciling in a loop
2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server
2064857 - CVE-2022-24921 golang: regexp: stack exhaustion via a deeply nested expression
2064936 - Migration of vm from VMware reports pvc not large enough
2065014 - Feature Highlights in CNV 4.10 contains links to 4.7
2065019 - "Running VMs per template" in the new overview tab counts VMs that are not running
2066768 - [CNV-4.11-HCO] User Cannot List Resource "namespaces" in API group
2067246 - [CNV]: Unable to ssh to Virtual Machine post changing Flavor tiny to custom
2069287 - Two annotations for VM Template provider name
2069388 - [CNV-4.11] kubemacpool-mac-controller - TLS handshake error
2070366 - VM Snapshot Restore hangs indefinitely when backed by a snapshotclass
2070864 - non-privileged user cannot see catalog tiles
2071488 - "Migrate Node to Node" is confusing.
2071549 - [rhel-9] unable to create a non-root virt-launcher based VM
2071611 - Metrics documentation generators are missing metrics/recording rules
2071921 - Kubevirt RPM is not being built
2073669 - [rhel-9] VM fails to start
2073679 - [rhel-8] VM fails to start: missing virt-launcher-monitor downstream
2073982 - [CNV-4.11-RHEL9] 'virtctl' binary fails with 'rc1' with 'virtctl version' command
2074337 - VM created from registry cannot be started
2075200 - VLAN filtering cannot be configured with Intel X710
2075409 - [CNV-4.11-rhel9] hco-operator and hco-webhook pods CrashLoopBackOff
2076292 - Upgrade from 4.10.1->4.11 using nightly channel, is not completing with error "could not complete the upgrade process. KubeVirt is not with the expected version. Check KubeVirt observed version in the status field of its CR"
2076379 - must-gather: ruletables and qemu logs collected as a part of gather_vm_details scripts are zero bytes file
2076790 - Alert SSPDown is constantly in Firing state
2076908 - clicking on a template in the Running VMs per Template card leads to 404
2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode
2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar
2078700 - Windows template boot source should be blank
2078703 - [RFE] Please hide the user defined password when customizing cloud-init
2078709 - VM conditions column have wrong key/values
2078728 - Common template rootDisk is not named correctly
2079366 - rootdisk is not able to edit
2079674 - Configuring preferred node affinity in the console results in wrong yaml and unschedulable VM
2079783 - Actions are broken in topology view
2080132 - virt-launcher logs live migration in nanoseconds if the migration is stuck
2080155 - [RFE] Provide the progress of VM migration in the source virt launcher pod
2080547 - Metrics kubevirt_hco_out_of_band_modifications_count, does not reflect correct modification count when label is added to priorityclass/kubevirt-cluster-critical in a loop
2080833 - Missing cloud init script editor in the scripts tab
2080835 - SSH key is set using cloud init script instead of new api
2081182 - VM SSH command generated by UI points at api VIP
2081202 - cloud-init for Windows VM generated with corrupted "undefined" section
2081409 - when viewing a common template details page, user need to see the message "can't edit common template" on all tabs
2081671 - SSH service created outside the UI is not discoverable
2081831 - [RFE] Improve disk hotplug UX
2082008 - LiveMigration fails due to loss of connection to destination host
2082164 - Migration progress timeout expects absolute progress
2082912 - [CNV-4.11] HCO Being Unable to Reconcile State
2083093 - VM overview tab is crashed
2083097 - ?Mount Windows drivers disk? should not show when the template is not ?windows?
2083100 - Something keeps loading in the ?node selector? modal
2083101 - ?Restore default settings? never become available while editing CPU/Memory
2083135 - VM fails to schedule with vTPM in spec
2083256 - SSP Reconcile logging improvement when CR resources are changed
2083595 - [RFE] Disable VM descheduler if the VM is not live migratable
2084102 - [e2e] Many elements are lacking proper selector like 'data-test-id' or 'data-test'
2084122 - [4.11]Clone from filesystem to block on storage api with the same size fails
2084418 - ?Invalid SSH public key format? appears when drag ssh key file to ?Authorized SSH Key? field
2084431 - User credentials for ssh is not in correct format
2084476 - The Virtual Machine Authorized SSH Key is not shown in the scripts tab.
2084532 - Console is crashed while detaching disk
2084610 - Newly added Kubevirt-plugin pod is missing resources.requests values (cpu/memory)
2085320 - Tolerations rules is not adding correctly
2085322 - Not able to stop/restart VM if the VM is staying in "Starting"
2086272 - [dark mode] Titles in Overview tab not visible enough in dark mode
2086278 - Cloud init script edit add " hostname='' " when is should not be added
2086281 - [dark mode] Helper text in Scripts tab not visible enough on dark mode
2086286 - [dark mode] The contrast of the Labels and edit labels not look good in the dark mode
2086293 - [dark mode] Titles in Parameters tab not visible enough in dark mode
2086294 - [dark mode] Can't see the number inside the donut chart in VMs per template card
2086303 - non-priv user can't create VM when namespace is not selected
2086479 - some modals use ?Save? and some modals use ?Submit?
2086486 - cluster overview getting started card include old information
2086488 - Cannot cancel vm migration if the migration pod is not schedulable in the backend
2086769 - Missing vm.kubevirt.io/template.namespace label when creating VM with the wizard
2086803 - When clonnig a template we need to update vm labels and annotaions to match new template
2086825 - VM restore PVC uses exact source PVC request size
2086849 - Create from YAML example is not runnable
2087188 - When VM is stopped - adding disk failed to show
2087189 - When VM is stopped - adding disk failed to show
2087232 - When chosing a vm or template while in all-namespace, and returning to list, namespace is changed
2087546 - "Quick Starts" is missing in Getting started card
2087547 - Activity and Status card are missing in Virtualization Overview
2087559 - template in "VMs per template" should take user to vm list page
2087566 - Remove the ?auto upload? label from template in the catalog if the auto-upload boot source not exists
2087570 - Page title should be ?VirtualMachines? and not ?Virtual Machines?
2087577 - "VMs per template" load time is a bit long
2087578 - Terminology "VM" should be "Virtual Machine" in all places
2087582 - Remove VMI and MTV from the navigation
2087583 - [RFE] Show more info about boot source in template list
2087584 - Template provider should not be mandatory
2087587 - Improve the descriptive text in the kebab menu of template
2087589 - Red icons shows in storage disk source selection without a good reason
2087590 - [REF] "Upload a new file to a PVC" should not open the form in a new tab
2087593 - "Boot method" is not a good name in overview tab
2087603 - Align details card for single VM overview with the design doc
2087616 - align the utilization card of single VM overview with the design
2087701 - [RFE] Missing a link to VMI from running VM details page
2087717 - Message when editing template boot source is wrong
2088034 - Virtualization Overview crashes when a VirtualMachine has no labels
2088355 - disk modal shows all storage classes as default
2088361 - Attached disk keeps in loading status when add disk to a power off VM by non-privileged user
2088379 - Create VM from catalog does not respect the storageclass of the template's boot source
2088407 - Missing create button in the template list
2088471 - [HPP] hostpath-provisioner-csi does not comply with restricted security context
2088472 - Golden Images import cron jobs are not getting updated on upgrade to 4.11
2088477 - [4.11.z] VMSnapshot restore fails to provision volume with size mismatch error
2088849 - "dataimportcrontemplate.kubevirt.io/enable" field does not do any validation
2089078 - ConsolePlugin kubevirt-plugin is not getting reconciled by hco
2089271 - Virtualization appears twice in sidebar
2089327 - add network modal crash when no networks available
2089376 - Virtual Machine Template without dataVolumeTemplates gets blank page
2089477 - [RFE] Allow upload source when adding VM disk
2089700 - Drive column in Disks card of Overview page has duplicated values
2089745 - When removing all disks from customize wizard app crashes
2089789 - Add windows drivers disk is missing when template is not windows
2089825 - Top consumers card on Virtualization Overview page should keep display parameters as set by user
2089836 - Card titles on single VM Overview page does not have hyperlinks to relevant pages
2089840 - Cant create snapshot if VM is without disks
2089877 - Utilization card on single VM overview - timespan menu lacks 5min option
2089932 - Top consumers card on single VM overview - View by resource dropdown menu needs an update
2089942 - Utilization card on single VM overview - trend charts at the bottom should be linked to proper metrics
2089954 - Details card on single VM overview - VNC console has grey padding
2089963 - Details card on single VM overview - Operating system info is not available
2089967 - Network Interfaces card on single VM overview - name tooltip lacks info
2089970 - Network Interfaces card on single VM overview - IP tooltip
2089972 - Disks card on single VM overview -typo
2089979 - Single VM Details - CPU|Memory edit icon misplaced
2089982 - Single VM Details - SSH modal has redundant VM name
2090035 - Alert card is missing in single VM overview
2090036 - OS should be "Operating system" and host should be "hostname" in single vm overview
2090037 - Add template link in single vm overview details card
2090038 - The update field under the version in overview should be consistent with the operator page
2090042 - Move the edit button close to the text for "boot order" and "ssh access"
2090043 - "No resource selected" in vm boot order
2090046 - Hardware devices section In the VM details and Template details should be aligned with catalog page
2090048 - "Boot mode" should be editable while VM is running
2090054 - Services ?kubernetes" and "openshift" should not be listing in vm details
2090055 - Add link to vm template in vm details page
2090056 - "Something went wrong" shows on VM "Environment" tab
2090057 - "?" icon is too big in environment and disk tab
2090059 - Failed to add configmap in environment tab due to validate error
2090064 - Miss "remote desktop" in console dropdown list for windows VM
2090066 - [RFE] Improve guest login credentials
2090068 - Make the "name" and "Source" column wider in vm disk tab
2090131 - Key's value in "add affinity rule" modal is too small
2090350 - memory leak in virt-launcher process
2091003 - SSH service is not deleted along the VM
2091058 - After VM gets deleted, the user is redirected to a page with a different namespace
2091309 - While disabling a golden image via HCO, user should not be required to enter the whole spec.
2091406 - wrong template namespace label when creating a vm with wizard
2091754 - Scheduling and scripts tab should be editable while the VM is running
2091755 - Change bottom "Save" to "Apply" on cloud-init script form
2091756 - The root disk of cloned template should be editable
2091758 - "OS" should be "Operating system" in template filter
2091760 - The provider should be empty if it's not set during cloning
2091761 - Miss "Edit labels" and "Edit annotations" in template kebab button
2091762 - Move notification above the tabs in template details page
2091764 - Clone a template should lead to the template details
2091765 - "Edit bootsource" is keeping in load in template actions dropdown
2091766 - "Are you sure you want to leave this page?" pops up when click the "Templates" link
2091853 - On Snapshot tab of single VM "Restore" button should move to the kebab actions together with the Delete
2091863 - BootSource edit modal should list affected templates
2091868 - Catalog list view has two columns named "BootSource"
2091889 - Devices should be editable for customize template
2091897 - username is missing in the generated ssh command
2091904 - VM is not started if adding "Authorized SSH Key" during vm creation
2091911 - virt-launcher pod remains as NonRoot after LiveMigrating VM from NonRoot to Root
2091940 - SSH is not enabled in vm details after restart the VM
2091945 - delete a template should lead to templates list
2091946 - Add disk modal shows wrong units
2091982 - Got a lot of "Reconciler error" in cdi-deployment log after adding custom DataImportCron to hco
2092048 - When Boot from CD is checked in customized VM creation - Disk source should be Blank
2092052 - Virtualization should be omitted in Calatog breadcrumbs
2092071 - Getting started card in Virtualization overview can not be hidden.
2092079 - Error message stays even when problematic field is dismissed
2092158 - PrometheusRule kubevirt-hyperconverged-prometheus-rule is not getting reconciled by HCO
2092228 - Ensure Machine Type for new VMs is 8.6
2092230 - [RFE] Add indication/mark to deprecated template
2092306 - VM is stucking with WaitingForVolumeBinding if creating via "Boot from CD"
2092337 - os is empty in VM details page
2092359 - [e2e] data-test-id includes all pvc name
2092654 - [RFE] No obvious way to delete the ssh key from the VM
2092662 - No url example for rhel and windows template
2092663 - no hyperlink for URL example in disk source "url"
2092664 - no hyperlink to the cdi uploadproxy URL
2092781 - Details card should be removed for non admins.
2092783 - Top consumers' card should be removed for non admins.
2092787 - Operators links should be removed from Getting started card
2092789 - "Learn more about Operators" link should lead to the Red Hat documentation
2092951 - ?Edit BootSource? action should have more explicit information when disabled
2093282 - Remove links to 'all-namespaces/' for non-privileged user
2093691 - Creation flow drawer left padding is broken
2093713 - Required fields in creation flow should be highlighted if empty
2093715 - Optional parameters section in creation flow is missing bottom padding
2093716 - CPU|Memory modal button should say "Restore template settings?
2093772 - Add a service in environment it reminds a pending change in boot order
2093773 - Console crashed if adding a service without serial number
2093866 - Cannot create vm from the template vm-template-example
2093867 - OS for template 'vm-template-example' should matching the version of the image
2094202 - Cloud-init username field should have hint
2094207 - Cloud-init password field should have auto-generate option
2094208 - SSH key input is missing validation
2094217 - YAML view should reflect shanges in SSH form
2094222 - "?" icon should be placed after red asterisk in required fields
2094323 - Workload profile should be editable in template details page
2094405 - adding resource on enviornment isnt showing on disks list when vm is running
2094440 - Utilization pie charts figures are not based on current data
2094451 - PVC selection in VM creation flow does not work for non-priv user
2094453 - CD Source selection in VM creation flow is missing Upload option
2094465 - Typo in Source tooltip
2094471 - Node selector modal for non-privileged user
2094481 - Tolerations modal for non-privileged user
2094486 - Add affinity rule modal
2094491 - Affinity rules modal button
2094495 - Descheduler modal has same text in two lines
2094646 - [e2e] Elements on scheduling tab are missing proper data-test-id
2094665 - Dedicated Resources modal for non-privileged user
2094678 - Secrets and ConfigMaps can't be added to Windows VM
2094727 - Creation flow should have VM info in header row
2094807 - hardware devices dropdown has group title even with no devices in cluster
2094813 - Cloudinit password is seen in wizard
2094848 - Details card on Overview page - 'View details' link is missing
2095125 - OS is empty in the clone modal
2095129 - "undefined" appears in rootdisk line in clone modal
2095224 - affinity modal for non-privileged users
2095529 - VM migration cancelation in kebab action should have shorter name
2095530 - Column sizes in VM list view
2095532 - Node column in VM list view is visible to non-privileged user
2095537 - Utilization card information should display pie charts as current data and sparkline charts as overtime
2095570 - Details tab of VM should not have Node info for non-privileged user
2095573 - Disks created as environment or scripts should have proper label
2095953 - VNC console controls layout
2095955 - VNC console tabs
2096166 - Template "vm-template-example" is binding with namespace "default"
2096206 - Inconsistent capitalization in Template Actions
2096208 - Templates in the catalog list is not sorted
2096263 - Incorrectly displaying units for Disks size or Memory field in various places
2096333 - virtualization overview, related operators title is not aligned
2096492 - Cannot create vm from a cloned template if its boot source is edited
2096502 - "Restore template settings" should be removed from template CPU editor
2096510 - VM can be created without any disk
2096511 - Template shows "no Boot Source" and label "Source available" at the same time
2096620 - in templates list, edit boot reference kebab action opens a modal with different title
2096781 - Remove boot source provider while edit boot source reference
2096801 - vnc thumbnail in virtual machine overview should be active on page load
2096845 - Windows template's scripts tab is crashed
2097328 - virtctl guestfs shouldn't required uid = 0
2097370 - missing titles for optional parameters in wizard customization page
2097465 - Count is not updating for 'prometheusrule' component when metrics kubevirt_hco_out_of_band_modifications_count executed
2097586 - AccessMode should stay on ReadWriteOnce while editing a disk with storage class HPP
2098134 - "Workload profile" column is not showing completely in template list
2098135 - Workload is not showing correct in catalog after change the template's workload
2098282 - Javascript error when changing boot source of custom template to be an uploaded file
2099443 - No "Quick create virtualmachine" button for template 'vm-template-example'
2099533 - ConsoleQuickStart for HCO CR's VM is missing
2099535 - The cdi-uploadproxy certificate url should be opened in a new tab
2099539 - No storage option for upload while editing a disk
2099566 - Cloudinit should be replaced by cloud-init in all places
2099608 - "DynamicB" shows in vm-example disk size
2099633 - Doc links needs to be updated
2099639 - Remove user line from the ssh command section
2099802 - Details card link shouldn't be hard-coded
2100054 - Windows VM with WSL2 guest fails to migrate
2100284 - Virtualization overview is crashed
2100415 - HCO is taking too much time for reconciling kubevirt-plugin deployment
2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS
2101164 - [dark mode] Number of alerts in Alerts card not visible enough in dark mode
2101192 - AccessMode should stay on ReadWriteOnce while editing a disk with storage class HPP
2101430 - Using CLOUD_USER_PASSWORD in Templates parameters breaks VM review page
2101454 - Cannot add PVC boot source to template in 'Edit Boot Source Reference' view as a non-priv user
2101485 - Cloudinit should be replaced by cloud-init in all places
2101628 - non-priv user cannot load dataSource while edit template's rootdisk
2101954 - [4.11]Smart clone and csi clone leaves tmp unbound PVC and ObjectTransfer
2102076 - Using CLOUD_USER_PASSWORD in Templates parameters breaks VM review page
2102116 - [e2e] elements on Template Scheduling tab are missing proper data-test-id
2102117 - [e2e] elements on VM Scripts tab are missing proper data-test-id
2102122 - non-priv user cannot load dataSource while edit template's rootdisk
2102124 - Cannot add PVC boot source to template in 'Edit Boot Source Reference' view as a non-priv user
2102125 - vm clone modal is displaying DV size instead of PVC size
2102127 - Cannot add NIC to VM template as non-priv user
2102129 - All templates are labeling "source available" in template list page
2102131 - The number of hardware devices is not correct in vm overview tab
2102135 - [dark mode] Number of alerts in Alerts card not visible enough in dark mode
2102143 - vm clone modal is displaying DV size instead of PVC size
2102256 - Add button moved to right
2102448 - VM disk is deleted by uncheck "Delete disks (1x)" on delete modal
2102543 - Add button moved to right
2102544 - VM disk is deleted by uncheck "Delete disks (1x)" on delete modal
2102545 - VM filter has two "Other" checkboxes which are triggered together
2104617 - Storage status report "OpenShift Data Foundation is not available" even the operator is installed
2106175 - All pages are crashed after visit Virtualization -> Overview
2106258 - All pages are crashed after visit Virtualization -> Overview
2110178 - [Docs] Text repetition in Virtual Disk Hot plug instructions
2111359 - kubevirt plugin console is crashed after creating a vm with 2 nics
2111562 - kubevirt plugin console crashed after visit vmi page
2117872 - CVE-2022-1798 kubeVirt: Arbitrary file read on the host from KubeVirt VMs
- Bugs fixed (https://bugzilla.redhat.com/):
2081686 - CVE-2022-29165 argocd: ArgoCD will blindly trust JWT claims if anonymous access is enabled 2081689 - CVE-2022-24905 argocd: Login screen allows message spoofing if SSO is enabled 2081691 - CVE-2022-24904 argocd: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server
5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202203-0005",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ucosminexus primary server base",
"scope": null,
"trust": 1.6,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "ucosminexus application server",
"scope": null,
"trust": 1.6,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "ucosminexus service platform",
"scope": null,
"trust": 1.6,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "14.15.0"
},
{
"model": "nessus",
"scope": "gte",
"trust": 1.0,
"vendor": "tenable",
"version": "10.0.0"
},
{
"model": "mariadb",
"scope": "lt",
"trust": 1.0,
"vendor": "mariadb",
"version": "10.2.42"
},
{
"model": "santricity smi-s provider",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "nessus",
"scope": "lt",
"trust": 1.0,
"vendor": "tenable",
"version": "10.1.2"
},
{
"model": "node.js",
"scope": "gt",
"trust": 1.0,
"vendor": "nodejs",
"version": "16.0.0"
},
{
"model": "openssl",
"scope": "lt",
"trust": 1.0,
"vendor": "openssl",
"version": "1.1.1n"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.13.0"
},
{
"model": "openssl",
"scope": "lt",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2zd"
},
{
"model": "a250",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "nessus",
"scope": "lt",
"trust": 1.0,
"vendor": "tenable",
"version": "8.15.4"
},
{
"model": "mariadb",
"scope": "lt",
"trust": 1.0,
"vendor": "mariadb",
"version": "10.7.2"
},
{
"model": "mariadb",
"scope": "gte",
"trust": 1.0,
"vendor": "mariadb",
"version": "10.7.0"
},
{
"model": "clustered data ontap",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "openssl",
"scope": "lt",
"trust": 1.0,
"vendor": "openssl",
"version": "3.0.2"
},
{
"model": "openssl",
"scope": "gte",
"trust": 1.0,
"vendor": "openssl",
"version": "3.0.0"
},
{
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "14.14.0"
},
{
"model": "node.js",
"scope": "gt",
"trust": 1.0,
"vendor": "nodejs",
"version": "17.0.0"
},
{
"model": "mariadb",
"scope": "gte",
"trust": 1.0,
"vendor": "mariadb",
"version": "10.4.0"
},
{
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.12.0"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "14.19.1"
},
{
"model": "mariadb",
"scope": "gte",
"trust": 1.0,
"vendor": "mariadb",
"version": "10.2.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "16.13.0"
},
{
"model": "storagegrid",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "openssl",
"scope": "gte",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "mariadb",
"scope": "gte",
"trust": 1.0,
"vendor": "mariadb",
"version": "10.6.0"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.22.11"
},
{
"model": "mariadb",
"scope": "lt",
"trust": 1.0,
"vendor": "mariadb",
"version": "10.5.14"
},
{
"model": "clustered data ontap antivirus connector",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "cloud volumes ontap mediator",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "mariadb",
"scope": "lt",
"trust": 1.0,
"vendor": "mariadb",
"version": "10.3.33"
},
{
"model": "mariadb",
"scope": "lt",
"trust": 1.0,
"vendor": "mariadb",
"version": "10.4.23"
},
{
"model": "mariadb",
"scope": "lt",
"trust": 1.0,
"vendor": "mariadb",
"version": "10.6.6"
},
{
"model": "openssl",
"scope": "gte",
"trust": 1.0,
"vendor": "openssl",
"version": "1.1.0"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "17.7.2"
},
{
"model": "mariadb",
"scope": "gte",
"trust": 1.0,
"vendor": "mariadb",
"version": "10.5.0"
},
{
"model": "node.js",
"scope": "gt",
"trust": 1.0,
"vendor": "nodejs",
"version": "14.0.0"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.0.0"
},
{
"model": "mariadb",
"scope": "gte",
"trust": 1.0,
"vendor": "mariadb",
"version": "10.3.0"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "16.14.2"
},
{
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "16.12.0"
},
{
"model": "500f",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "neoface monitor",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "jp1/automatic job management system 3",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "ucosminexus application server-r",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "ucosminexus developer",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "mission critical mail",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "jp1/base",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "\u65e5\u7acb\u9ad8\u4fe1\u983c\u30b5\u30fc\u30d0 rv3000",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "nec \u30a8\u30c3\u30b8\u30b2\u30fc\u30c8\u30a6\u30a7\u30a4",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "\u65e5\u7acb\u30a2\u30c9\u30d0\u30f3\u30b9\u30c8\u30b5\u30fc\u30d0 ha8000v \u30b7\u30ea\u30fc\u30ba",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "esmpro/serveragentservice",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "connexive application platform",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "webotx application server",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "ucosminexus service architect",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "univerge",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "cosminexus http server",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "webotx sip application server",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "connexive pf",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "esmpro/serveragent",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "istoragemanager express",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "jp1/file transmission server/ftp",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "actsecure \u30dd\u30fc\u30bf\u30eb",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "iot \u5171\u901a\u57fa\u76e4",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "simpwright",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "nec enhanced video analytics",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "ism\u30b5\u30fc\u30d0",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "jp1/performance management",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "openssl",
"scope": null,
"trust": 0.8,
"vendor": "openssl",
"version": null
},
{
"model": "nec ai accelerator",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "ix \u30eb\u30fc\u30bf",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "witchymail",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "istoragemanager",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "nec cyber security platform",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-001476"
},
{
"db": "NVD",
"id": "CVE-2022-0778"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "166818"
},
{
"db": "PACKETSTORM",
"id": "167371"
},
{
"db": "PACKETSTORM",
"id": "167555"
},
{
"db": "PACKETSTORM",
"id": "166504"
},
{
"db": "PACKETSTORM",
"id": "166502"
},
{
"db": "PACKETSTORM",
"id": "168392"
},
{
"db": "PACKETSTORM",
"id": "167225"
}
],
"trust": 0.7
},
"cve": "CVE-2022-0778",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2022-0778",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-0778",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-0778",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-0778",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-0778",
"trust": 0.8,
"value": "High"
},
{
"author": "VULMON",
"id": "CVE-2022-0778",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-0778"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001476"
},
{
"db": "NVD",
"id": "CVE-2022-0778"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc). OpenSSL Project Than, OpenSSL Security Advisory [15 March 2022] Has been published. Severity \u2212 High ( Severity: High ) OpenSSL of BN_mod_sqrt() Computes the square root in a finite field. BN_mod_sqrt() Has the problem of causing an infinite loop if the law is non-prime. Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2021-2372)\nVulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). (CVE-2021-2389)\nVulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). (CVE-2021-35604)\nget_sort_by_table in MariaDB prior to 10.6.2 allows an application crash via certain subquery uses of ORDER BY. (CVE-2021-46657)\nsave_window_function_values in MariaDB prior to 10.6.3 allows an application crash because of incorrect handling of with_window_func=true for a subquery. (CVE-2021-46658)\nMariaDB prior to 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW. (CVE-2021-46659)\nMariaDB up to and including 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE). (CVE-2021-46661)\nMariaDB up to and including 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery. (CVE-2021-46662)\nMariaDB up to and including 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements. (CVE-2021-46663)\nMariaDB up to and including 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr. (CVE-2021-46664)\nMariaDB up to and including 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations. (CVE-2021-46665)\nMariaDB prior to 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause. (CVE-2021-46666)\nAn integer overflow vulnerability was found in MariaDB, where an invalid size of ref_pointer_array is allocated. This issue results in a denial of service. (CVE-2021-46667)\nMariaDB up to and including 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures. (CVE-2021-46668)\nA use-after-free vulnerability was found in MariaDB. This flaw allows malicious users to trigger a convert_const_to_int() use-after-free when the BIGINT data type is used, resulting in a denial of service. (CVE-2022-0778) (CVE-2022-0778)\nVulnerability in the MySQL Server product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2022-21595)\nMariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local malicious users to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191. (CVE-2022-24048)\nMariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local malicious users to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16207. (CVE-2022-24050)\nMariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local malicious users to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16193. (CVE-2022-24051)\nA flaw was found in MariaDB. Lack of input validation leads to a heap buffer overflow. This flaw allows an authenticated, local attacker with at least a low level of privileges to submit a crafted SQL query to MariaDB and escalate their privileges to the level of the MariaDB service user, running arbitrary code. (CVE-2022-24052)\nMariaDB Server v10.6.5 and below exists to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\nMariaDB Server v10.6.3 and below exists to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\nAn issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below exists to allow malicious users to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\nAn issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below exists to allow malicious users to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27379)\nAn issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below exists to allow malicious users to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\nAn issue in the component Field::set_default of MariaDB Server v10.6 and below exists to allow malicious users to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\nMariaDB Server v10.7 and below exists to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382)\nMariaDB Server v10.6 and below exists to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\nAn issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below exists to allow malicious users to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27384)\nAn issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 and below exists to allow malicious users to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27385)\nMariaDB Server v10.7 and below exists to contain a segmentation fault via the component sql/sql_class.cc. (CVE-2022-27386)\nMariaDB Server v10.7 and below exists to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\nMariaDB Server v10.9 and below exists to contain a segmentation fault via the component sql/item_subselect.cc. (CVE-2022-27444)\nMariaDB Server v10.9 and below exists to contain a segmentation fault via the component sql/sql_window.cc. (CVE-2022-27445)\nMariaDB Server v10.9 and below exists to contain a segmentation fault via the component sql/item_cmpfunc.h. (CVE-2022-27446)\nMariaDB Server v10.9 and below exists to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\nThere is an Assertion failure in MariaDB Server v10.9 and below via \u0027node-\u0026gt;pcur-\u0026gt;rel_pos == BTR_PCUR_ON\u0027 at /row/row0mysql.cc. (CVE-2022-27448)\nMariaDB Server v10.9 and below exists to contain a segmentation fault via the component sql/item_func.cc:148. (CVE-2022-27449)\nMariaDB Server v10.9 and below exists to contain a segmentation fault via the component sql/field_conv.cc. (CVE-2022-27451)\nMariaDB Server v10.9 and below exists to contain a segmentation fault via the component sql/item_cmpfunc.cc. (CVE-2022-27452)\nMariaDB Server v10.6.3 and below exists to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\nMariaDB Server v10.6.3 and below exists to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc. (CVE-2022-27456)\nMariaDB Server v10.6.3 and below exists to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\nMariaDB Server v10.6.3 and below exists to contain an use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\nMariaDB Server prior to 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31622)\nMariaDB Server prior to 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd-\u0026gt;ctrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31623)\nMariaDB Server prior to 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31624)\nMariaDB v10.4 to v10.7 exists to contain an use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc. (CVE-2022-32081)\nMariaDB v10.5 to v10.7 exists to contain an assertion failure at table-\u0026gt;get_ref_count() == 0 in dict0dict.cc. (CVE-2022-32082)\nMariaDB v10.2 to v10.6.1 exists to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker. (CVE-2022-32083)\nMariaDB v10.2 to v10.7 exists to contain a segmentation fault via the component sub_select. (CVE-2022-32084)\nMariaDB v10.2 to v10.7 exists to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor. (CVE-2022-32085)\nMariaDB v10.4 to v10.8 exists to contain a segmentation fault via the component Item_field::fix_outer_field. (CVE-2022-32086)\nMariaDB v10.2 to v10.7 exists to contain a segmentation fault via the component Item_args::walk_args. (CVE-2022-32087)\nMariaDB v10.2 to v10.7 exists to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort. (CVE-2022-32088)\nMariaDB v10.5 to v10.7 exists to contain a segmentation fault via the component st_select_lex_unit::exclude_level. (CVE-2022-32089)\nMariaDB v10.7 exists to contain an use-after-poison in in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc. (CVE-2022-32091)\nIn MariaDB prior to 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock. (CVE-2022-38791). See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHBA-2022:1355\n\nSpace precludes documenting all of the container images in this advisory. \n\nYou may download the oc tool and use it to inspect release image metadata\nas follows:\n\n(For x86_64 architecture)\n\n$ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.10.10-x86_64\n\nThe image digest is\nsha256:39efe13ef67cb4449f5e6cdd8a26c83c07c6a2ce5d235dfbc3ba58c64418fcf3\n\n(For s390x architecture)\n\n$ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.10.10-s390x\n\nThe image digest is\nsha256:49b63b22bc221e29e804fc3cc769c6eff97c655a1f5017f429aa0dad2593a0a8\n\n(For ppc64le architecture)\n\n$ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.10.10-ppc64le\n\nThe image digest is\nsha256:0d34e1198679a500a3af7acbdfba7864565f7c4f5367ca428d34dee9a9912c9c\n\n(For aarch64 architecture)\n\n$ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.10.10-aarch64\n\nThe image digest is\nsha256:ddf6cb04e74ac88874793a3c0538316c9ac8ff154267984c8a4ea7047913e1db\n\nAll OpenShift Container Platform 4.10 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html\n\n3. Solution:\n\nFor OpenShift Container Platform 4.10 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter\n2050118 - 4.10: oVirt CSI driver should use the trusted CA bundle when cluster proxy is configured\n2052414 - Start last run action should contain current user name in the started-by annotation of the PLR\n2054404 - ip-reconcile job is failing consistently\n2054767 - [ovn] Missing lr-policy-list and snat rules for egressip when new pods are added\n2054808 - MetaLLB: Validation Webhook: BGPPeer hold time is allowed to be set to less than 3s\n2055661 - migrate loadbalancers from amphora to ovn not working\n2057881 - MetalLB: speaker metrics is not updated when deleting a service\n2059347 - FSyncControllerDegraded latches True, even after fsync latency recovers on all members\n2059945 - MetalLB: Move CI config files to metallb repo from dev-scripts repo\n2060362 - Openshift registry starts to segfault after S3 storage configuration\n2060586 - [4.10.z] [RFE] use /dev/ptp_hyperv on Azure/AzureStack\n2064204 - Cachito request failure with vendor directory is out of sync with go.mod/go.sum\n2064988 - Fix the hubUrl docs link in pipeline quicksearch modal\n2065488 - ip-reconciler job does not complete, halts node drain\n2065832 - oc mirror hangs when processing the Red Hat 4.10 catalog\n2067311 - PPT event source is lost when received by the consumer\n2067719 - Update channels information link is taking to a 404 error page\n2069095 - cluster-autoscaler-default will fail when automated etcd defrag is running on large scale OpenShift Container Platform 4 - Cluster\n2069913 - Disabling community tasks is not working\n2070131 - Installation of Openshift virtualization fails with error service \"hco-webhook-service\" not found\n2070492 - [4.10.z backport] On OCP 4.10+ using OVNK8s on BM IPI, nodes register as localhost.localdomain\n2070525 - [OCPonRHV]- after few days that cluster is alive we got error in storage operator\n2071479 - Thanos Querier high CPU and memory usage till OOM\n2072191 - [4.10] cluster storage operator AWS credentialsrequest lacks KMS privileges\n2072440 - Pipeline builder makes too many (100+) API calls upfront\n2072928 - mapi_current_pending_csr is always set to 1 on OpenShift Container Platform\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6\n\nmacOS Big Sur 11.6.6 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213256. \n\napache\nAvailable for: macOS Big Sur\nImpact: Multiple issues in apache\nDescription: Multiple issues were addressed by updating apache to\nversion 2.4.53. \nCVE-2021-44224\nCVE-2021-44790\nCVE-2022-22719\nCVE-2022-22720\nCVE-2022-22721\n\nAppKit\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to gain root privileges\nDescription: A logic issue was addressed with improved validation. \nCVE-2022-22665: Lockheed Martin Red Team\n\nAppleAVD\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges. Apple is aware of a report that this issue may\nhave been actively exploited. \nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22675: an anonymous researcher\n\nAppleGraphicsControl\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day\nInitiative\n\nAppleScript\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read issue was addressed with improved\nbounds checking. \nCVE-2022-26698: Qi Sun of Trend Micro\n\nAppleScript\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read issue was addressed with improved\ninput validation. \nCVE-2022-26697: Qi Sun and Robert Ai of Trend Micro\n\nCoreTypes\nAvailable for: macOS Big Sur\nImpact: A malicious application may bypass Gatekeeper checks\nDescription: This issue was addressed with improved checks to prevent\nunauthorized actions. \nCVE-2022-22663: Arsenii Kostromin (0x3c3e)\n\nCVMS\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to gain root privileges\nDescription: A memory initialization issue was addressed. \nCVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori\nCVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori\n\nDriverKit\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith system privileges\nDescription: An out-of-bounds access issue was addressed with\nimproved bounds checking. \nCVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)\n\nGraphics Drivers\nAvailable for: macOS Big Sur\nImpact: A local user may be able to read kernel memory\nDescription: An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. This was addressed with improved input\nvalidation. \nCVE-2022-22674: an anonymous researcher\n\nIntel Graphics Driver\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-26720: Liu Long of Ant Security Light-Year Lab\n\nIntel Graphics Driver\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: An out-of-bounds read issue was addressed with improved\ninput validation. \nCVE-2022-26770: Liu Long of Ant Security Light-Year Lab\n\nIntel Graphics Driver\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nCVE-2022-26756: Jack Dates of RET2 Systems, Inc\n\nIntel Graphics Driver\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-26769: Antonio Zekic (@antoniozekic)\n\nIntel Graphics Driver\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nCVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro\nZero Day Initiative\n\nIOMobileFrameBuffer\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-26768: an anonymous researcher\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-26714: Peter Nguy\u1ec5n V\u0169 Ho\u00e0ng (@peternguyen14) of STAR Labs\n(@starlabs_sg)\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-26757: Ned Williamson of Google Project Zero\n\nLaunchServices\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to bypass Privacy\npreferences\nDescription: The issue was addressed with additional permissions\nchecks. \nCVE-2022-26767: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nLaunchServices\nAvailable for: macOS Big Sur\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: An access issue was addressed with additional sandbox\nrestrictions on third-party applications. \nCVE-2022-26706: Arsenii Kostromin (0x3c3e)\n\nlibresolv\nAvailable for: macOS Big Sur\nImpact: An attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: This issue was addressed with improved checks. \nCVE-2022-26776: Zubair Ashraf of Crowdstrike, Max Shavrick (@_mxms)\nof the Google Security Team\n\nLibreSSL\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted certificate may lead to a\ndenial of service\nDescription: A denial of service issue was addressed with improved\ninput validation. \nCVE-2022-0778\n\nlibxml2\nAvailable for: macOS Big Sur\nImpact: A remote attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-23308\n\nOpenSSL\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted certificate may lead to a\ndenial of service\nDescription: This issue was addressed with improved checks. \nCVE-2022-0778\n\nPackageKit\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to modify protected parts\nof the file system\nDescription: This issue was addressed by removing the vulnerable\ncode. \nCVE-2022-26712: Mickey Jin (@patch1t)\n\nPrinting\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to bypass Privacy\npreferences\nDescription: This issue was addressed by removing the vulnerable\ncode. \nCVE-2022-26746: @gorelics\n\nSecurity\nAvailable for: macOS Big Sur\nImpact: A malicious app may be able to bypass signature validation\nDescription: A certificate parsing issue was addressed with improved\nchecks. \nCVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)\n\nSMB\nAvailable for: macOS Big Sur\nImpact: An application may be able to gain elevated privileges\nDescription: An out-of-bounds read issue was addressed with improved\ninput validation. \nCVE-2022-26718: Peter Nguy\u1ec5n V\u0169 Ho\u00e0ng of STAR Labs\n\nSMB\nAvailable for: macOS Big Sur\nImpact: Mounting a maliciously crafted Samba network share may lead\nto arbitrary code execution\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-26723: Felix Poulin-Belanger\n\nSMB\nAvailable for: macOS Big Sur\nImpact: An application may be able to gain elevated privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-26715: Peter Nguy\u1ec5n V\u0169 Ho\u00e0ng of STAR Labs\n\nSoftwareUpdate\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to access restricted\nfiles\nDescription: This issue was addressed with improved entitlements. \nCVE-2022-26728: Mickey Jin (@patch1t)\n\nTCC\nAvailable for: macOS Big Sur\nImpact: An app may be able to capture a user\u0027s screen\nDescription: This issue was addressed with improved checks. \nCVE-2022-26726: an anonymous researcher\n\nTcl\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to break out of its\nsandbox\nDescription: This issue was addressed with improved environment\nsanitization. \nCVE-2022-26755: Arsenii Kostromin (0x3c3e)\n\nVim\nAvailable for: macOS Big Sur\nImpact: Multiple issues in Vim\nDescription: Multiple issues were addressed by updating Vim. \nCVE-2021-4136\nCVE-2021-4166\nCVE-2021-4173\nCVE-2021-4187\nCVE-2021-4192\nCVE-2021-4193\nCVE-2021-46059\nCVE-2022-0128\n\nWebKit\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted mail message may lead to\nrunning arbitrary javascript\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2022-22589: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu\nof Palo Alto Networks (paloaltonetworks.com)\n\nWi-Fi\nAvailable for: macOS Big Sur\nImpact: A malicious application may disclose restricted memory\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-26745: an anonymous researcher\n\nWi-Fi\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2022-26761: Wang Yu of Cyberserval\n\nzip\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted file may lead to a denial of\nservice\nDescription: A denial of service issue was addressed with improved\nstate handling. \nCVE-2022-0530\n\nzlib\nAvailable for: macOS Big Sur\nImpact: An attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2018-25032: Tavis Ormandy\n\nzsh\nAvailable for: macOS Big Sur\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: This issue was addressed by updating to zsh version\n5.8.1. \nCVE-2021-45444\n\nAdditional recognition\n\nBluetooth\nWe would like to acknowledge Jann Horn of Project Zero for their\nassistance. \n\nmacOS Big Sur 11.6.6 may be obtained from the Mac App Store or\nApple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TUACgkQeC9qKD1p\nrhgJBg/9HpPp6P2OtFdYHigfaoga/3szMAjXC650MlC2rF1lXyTRVsO54eupz4er\nK8Iud3+YnDVTUKkadftWt2XdxAADGtfEFhJW584RtnWjeli+XtGEjQ8jD1/MNPJW\nqtnrOh2pYG9SxolKDofhiecbYxIGppRKSDRFl0/3VGFed2FIpiRDunlttHBEhHu/\nvZVSFzMrNbGvhju+ZCdwFLKXOgB851aRSeo9Xkt63tSGiee7rLmVAINyFbbPwcVP\nyXwMvn0TNodCBn0wBWD0+iQ3UXIDIYSPaM1Z0BQxVraEhK3Owro3JKgqNbWswMvj\nSY0KUulbAPs3aOeyz1BI70npYA3+Qwd+bk2hxbzbU/AxvxCrsEk04QfxLYqvj0mR\nVZYPcup2KAAkiTeekQ5X739r8NAyaaI+bp7FllFv/Z2jVW9kGgNIFr46R05MD9NF\naC1JAZtJ4VWbMEGHnHAMrOgdGaHpryvzl2BjUXRgW27vIq5uF5YiNcpjS2BezTFc\nR2ojiMNRB33Y44LlH7Zv3gHm4bE3+NzcGeWvBzwOsHznk9Jiv6x2eBUxkttMlPyO\nzymQMONQN3bktSMT8JnmJ8rlEgISONd7NeTEzuhlGIWaWNAFmmBoPnBiPk+yC3n4\nd22yFs6DLp2pJ+0zOWmTcqt1xYng05Jwj4F0KT49w0TO9Up79+o=\n=rtPl\n-----END PGP SIGNATURE-----\n\n\n. Bugs fixed (https://bugzilla.redhat.com/):\n\n2066837 - CVE-2022-24769 moby: Default inheritable capabilities for linux container should be empty\n\n5. The updated image includes bug and security fixes. Solution:\n\nIf you are using the RHACS 3.68.1, you are advised to upgrade to patch\nrelease 3.68.2. Bugs fixed (https://bugzilla.redhat.com/):\n\n2090957 - CVE-2022-1902 stackrox: Improper sanitization allows users to retrieve Notifier secrets from GraphQL API in plaintext\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nROX-11391 - Release RHACS 3.68.2\nROX-9657 - Patch supported RHACS images previous to 3.69.0 release to fix RHSA-2022:0658\n\n6. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: openssl security update\nAdvisory ID: RHSA-2022:1078-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:1078\nIssue date: 2022-03-28\nCVE Names: CVE-2022-0778\n====================================================================\n1. Summary:\n\nAn update for openssl is now available for Red Hat Enterprise Linux 7.6\nAdvanced Update Support, Red Hat Enterprise Linux 7.6 Telco Extended Update\nSupport, and Red Hat Enterprise Linux 7.6 Update Services for SAP\nSolutions. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Server AUS (v. 7.6) - x86_64\nRed Hat Enterprise Linux Server E4S (v. 7.6) - ppc64le, x86_64\nRed Hat Enterprise Linux Server Optional AUS (v. 7.6) - x86_64\nRed Hat Enterprise Linux Server Optional E4S (v. 7.6) - ppc64le, x86_64\nRed Hat Enterprise Linux Server Optional TUS (v. 7.6) - x86_64\nRed Hat Enterprise Linux Server TUS (v. 7.6) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. \n\nSecurity Fix(es):\n\n* openssl: Infinite loop in BN_mod_sqrt() reachable when parsing\ncertificates (CVE-2022-0778)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. \n\n5. Package List:\n\nRed Hat Enterprise Linux Server AUS (v. 7.6):\n\nSource:\nopenssl-1.0.2k-18.el7_6.src.rpm\n\nx86_64:\nopenssl-1.0.2k-18.el7_6.x86_64.rpm\nopenssl-debuginfo-1.0.2k-18.el7_6.i686.rpm\nopenssl-debuginfo-1.0.2k-18.el7_6.x86_64.rpm\nopenssl-devel-1.0.2k-18.el7_6.i686.rpm\nopenssl-devel-1.0.2k-18.el7_6.x86_64.rpm\nopenssl-libs-1.0.2k-18.el7_6.i686.rpm\nopenssl-libs-1.0.2k-18.el7_6.x86_64.rpm\n\nRed Hat Enterprise Linux Server E4S (v. 7.6):\n\nSource:\nopenssl-1.0.2k-18.el7_6.src.rpm\n\nppc64le:\nopenssl-1.0.2k-18.el7_6.ppc64le.rpm\nopenssl-debuginfo-1.0.2k-18.el7_6.ppc64le.rpm\nopenssl-devel-1.0.2k-18.el7_6.ppc64le.rpm\nopenssl-libs-1.0.2k-18.el7_6.ppc64le.rpm\n\nx86_64:\nopenssl-1.0.2k-18.el7_6.x86_64.rpm\nopenssl-debuginfo-1.0.2k-18.el7_6.i686.rpm\nopenssl-debuginfo-1.0.2k-18.el7_6.x86_64.rpm\nopenssl-devel-1.0.2k-18.el7_6.i686.rpm\nopenssl-devel-1.0.2k-18.el7_6.x86_64.rpm\nopenssl-libs-1.0.2k-18.el7_6.i686.rpm\nopenssl-libs-1.0.2k-18.el7_6.x86_64.rpm\n\nRed Hat Enterprise Linux Server TUS (v. 7.6):\n\nSource:\nopenssl-1.0.2k-18.el7_6.src.rpm\n\nx86_64:\nopenssl-1.0.2k-18.el7_6.x86_64.rpm\nopenssl-debuginfo-1.0.2k-18.el7_6.i686.rpm\nopenssl-debuginfo-1.0.2k-18.el7_6.x86_64.rpm\nopenssl-devel-1.0.2k-18.el7_6.i686.rpm\nopenssl-devel-1.0.2k-18.el7_6.x86_64.rpm\nopenssl-libs-1.0.2k-18.el7_6.i686.rpm\nopenssl-libs-1.0.2k-18.el7_6.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional AUS (v. 7.6):\n\nx86_64:\nopenssl-debuginfo-1.0.2k-18.el7_6.i686.rpm\nopenssl-debuginfo-1.0.2k-18.el7_6.x86_64.rpm\nopenssl-perl-1.0.2k-18.el7_6.x86_64.rpm\nopenssl-static-1.0.2k-18.el7_6.i686.rpm\nopenssl-static-1.0.2k-18.el7_6.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional E4S (v. 7.6):\n\nppc64le:\nopenssl-debuginfo-1.0.2k-18.el7_6.ppc64le.rpm\nopenssl-perl-1.0.2k-18.el7_6.ppc64le.rpm\nopenssl-static-1.0.2k-18.el7_6.ppc64le.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.2k-18.el7_6.i686.rpm\nopenssl-debuginfo-1.0.2k-18.el7_6.x86_64.rpm\nopenssl-perl-1.0.2k-18.el7_6.x86_64.rpm\nopenssl-static-1.0.2k-18.el7_6.i686.rpm\nopenssl-static-1.0.2k-18.el7_6.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional TUS (v. 7.6):\n\nx86_64:\nopenssl-debuginfo-1.0.2k-18.el7_6.i686.rpm\nopenssl-debuginfo-1.0.2k-18.el7_6.x86_64.rpm\nopenssl-perl-1.0.2k-18.el7_6.x86_64.rpm\nopenssl-static-1.0.2k-18.el7_6.i686.rpm\nopenssl-static-1.0.2k-18.el7_6.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-0778\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. Summary:\n\nRed Hat OpenShift Virtualization release 4.11.0 is now available with\nupdates to packages and images that fix several bugs and add enhancements. Description:\n\nOpenShift Virtualization is Red Hat\u0027s virtualization solution designed for\nRed Hat OpenShift Container Platform. \n\nThis advisory contains the following OpenShift Virtualization 4.11.0\nimages:\n\nRHEL-8-CNV-4.11\n==============hostpath-provisioner-container-v4.11.0-21\nkubevirt-tekton-tasks-operator-container-v4.11.0-29\nkubevirt-template-validator-container-v4.11.0-17\nbridge-marker-container-v4.11.0-26\nhostpath-csi-driver-container-v4.11.0-21\ncluster-network-addons-operator-container-v4.11.0-26\novs-cni-marker-container-v4.11.0-26\nvirtio-win-container-v4.11.0-16\novs-cni-plugin-container-v4.11.0-26\nkubemacpool-container-v4.11.0-26\nhostpath-provisioner-operator-container-v4.11.0-24\ncnv-containernetworking-plugins-container-v4.11.0-26\nkubevirt-ssp-operator-container-v4.11.0-54\nvirt-cdi-uploadserver-container-v4.11.0-59\nvirt-cdi-cloner-container-v4.11.0-59\nvirt-cdi-operator-container-v4.11.0-59\nvirt-cdi-importer-container-v4.11.0-59\nvirt-cdi-uploadproxy-container-v4.11.0-59\nvirt-cdi-controller-container-v4.11.0-59\nvirt-cdi-apiserver-container-v4.11.0-59\nkubevirt-tekton-tasks-modify-vm-template-container-v4.11.0-7\nkubevirt-tekton-tasks-create-vm-from-template-container-v4.11.0-7\nkubevirt-tekton-tasks-copy-template-container-v4.11.0-7\ncheckup-framework-container-v4.11.0-67\nkubevirt-tekton-tasks-cleanup-vm-container-v4.11.0-7\nkubevirt-tekton-tasks-disk-virt-sysprep-container-v4.11.0-7\nkubevirt-tekton-tasks-wait-for-vmi-status-container-v4.11.0-7\nkubevirt-tekton-tasks-disk-virt-customize-container-v4.11.0-7\nvm-network-latency-checkup-container-v4.11.0-67\nkubevirt-tekton-tasks-create-datavolume-container-v4.11.0-7\nhyperconverged-cluster-webhook-container-v4.11.0-95\ncnv-must-gather-container-v4.11.0-62\nhyperconverged-cluster-operator-container-v4.11.0-95\nkubevirt-console-plugin-container-v4.11.0-83\nvirt-controller-container-v4.11.0-105\nvirt-handler-container-v4.11.0-105\nvirt-operator-container-v4.11.0-105\nvirt-launcher-container-v4.11.0-105\nvirt-artifacts-server-container-v4.11.0-105\nvirt-api-container-v4.11.0-105\nlibguestfs-tools-container-v4.11.0-105\nhco-bundle-registry-container-v4.11.0-587\n\nSecurity Fix(es):\n\n* golang: net/http: limit growth of header canonicalization cache\n(CVE-2021-44716)\n\n* kubeVirt: Arbitrary file read on the host from KubeVirt VMs\n(CVE-2022-1798)\n\n* golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n(CVE-2021-38561)\n\n* golang: syscall: don\u0027t close fd 0 on ForkExec error (CVE-2021-44717)\n\n* prometheus/client_golang: Denial of service using\nInstrumentHandlerCounter (CVE-2022-21698)\n\n* golang: math/big: uncontrolled memory consumption due to an unhandled\noverflow via Rat.SetString (CVE-2022-23772)\n\n* golang: cmd/go: misinterpretation of branch names can lead to incorrect\naccess control (CVE-2022-23773)\n\n* golang: crypto/elliptic: IsOnCurve returns true for invalid field\nelements (CVE-2022-23806)\n\n* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)\n\n* golang: regexp: stack exhaustion via a deeply nested expression\n(CVE-2022-24921)\n\n* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)\n\n* golang: crypto/elliptic: panic caused by oversized scalar\n(CVE-2022-28327)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n1937609 - VM cannot be restarted\n1945593 - Live migration should be blocked for VMs with host devices\n1968514 - [RFE] Add cancel migration action to virtctl\n1993109 - CNV MacOS Client not signed\n1994604 - [RFE] - Add a feature to virtctl to print out a message if virtctl is a different version than the server side\n2001385 - no \"name\" label in virt-operator pod\n2009793 - KBase to clarify nested support status is missing\n2010318 - with sysprep config data as cfgmap volume and as cdrom disk a windows10 VMI fails to LiveMigrate\n2025276 - No permissions when trying to clone to a different namespace (as Kubeadmin)\n2025401 - [TEST ONLY] [CNV+OCS/ODF] Virtualization poison pill implemenation\n2026357 - Migration in sequence can be reported as failed even when it succeeded\n2029349 - cluster-network-addons-operator does not serve metrics through HTTPS\n2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache\n2030806 - CVE-2021-44717 golang: syscall: don\u0027t close fd 0 on ForkExec error\n2031857 - Add annotation for URL to download the image\n2033077 - KubeVirtComponentExceedsRequestedMemory Prometheus Rule is Failing to Evaluate\n2035344 - kubemacpool-mac-controller-manager not ready\n2036676 - NoReadyVirtController and NoReadyVirtOperator are never triggered\n2039976 - Pod stuck in \"Terminating\" state when removing VM with kernel boot and container disks\n2040766 - A crashed Windows VM cannot be restarted with virtctl or the UI\n2041467 - [SSP] Support custom DataImportCron creating in custom namespaces\n2042402 - LiveMigration with postcopy misbehave when failure occurs\n2042809 - sysprep disk requires autounattend.xml if an unattend.xml exists\n2045086 - KubeVirtComponentExceedsRequestedMemory Prometheus Rule is Failing to Evaluate\n2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter\n2047186 - When entering to a RH supported template, it changes the project (namespace) to ?OpenShift?\n2051899 - 4.11.0 containers\n2052094 - [rhel9-cnv] VM fails to start, virt-handler error msg: Couldn\u0027t configure ip nat rules\n2052466 - Event does not include reason for inability to live migrate\n2052689 - Overhead Memory consumption calculations are incorrect\n2053429 - CVE-2022-23806 golang: crypto/elliptic: IsOnCurve returns true for invalid field elements\n2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString\n2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control\n2056467 - virt-template-validator pods getting scheduled on the same node\n2057157 - [4.10.0] HPP-CSI-PVC fails to bind PVC when node fqdn is long\n2057310 - qemu-guest-agent does not report information due to selinux denials\n2058149 - cluster-network-addons-operator deployment\u0027s MULTUS_IMAGE is pointing to brew image\n2058925 - Must-gather: for vms with longer name, gather_vms_details fails to collect qemu, dump xml logs\n2059121 - [CNV-4.11-rhel9] virt-handler pod CrashLoopBackOff state\n2060485 - virtualMachine with duplicate interfaces name causes MACs to be rejected by Kubemacpool\n2060585 - [SNO] Failed to find the virt-controller leader pod\n2061208 - Cannot delete network Interface if VM has multiqueue for networking enabled. \n2061723 - Prevent new DataImportCron to manage DataSource if multiple DataImportCron pointing to same DataSource\n2063540 - [CNV-4.11] Authorization Failed When Cloning Source Namespace\n2063792 - No DataImportCron for CentOS 7\n2064034 - On an upgraded cluster NetworkAddonsConfig seems to be reconciling in a loop\n2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server\n2064857 - CVE-2022-24921 golang: regexp: stack exhaustion via a deeply nested expression\n2064936 - Migration of vm from VMware reports pvc not large enough\n2065014 - Feature Highlights in CNV 4.10 contains links to 4.7\n2065019 - \"Running VMs per template\" in the new overview tab counts VMs that are not running\n2066768 - [CNV-4.11-HCO] User Cannot List Resource \"namespaces\" in API group\n2067246 - [CNV]: Unable to ssh to Virtual Machine post changing Flavor tiny to custom\n2069287 - Two annotations for VM Template provider name\n2069388 - [CNV-4.11] kubemacpool-mac-controller - TLS handshake error\n2070366 - VM Snapshot Restore hangs indefinitely when backed by a snapshotclass\n2070864 - non-privileged user cannot see catalog tiles\n2071488 - \"Migrate Node to Node\" is confusing. \n2071549 - [rhel-9] unable to create a non-root virt-launcher based VM\n2071611 - Metrics documentation generators are missing metrics/recording rules\n2071921 - Kubevirt RPM is not being built\n2073669 - [rhel-9] VM fails to start\n2073679 - [rhel-8] VM fails to start: missing virt-launcher-monitor downstream\n2073982 - [CNV-4.11-RHEL9] \u0027virtctl\u0027 binary fails with \u0027rc1\u0027 with \u0027virtctl version\u0027 command\n2074337 - VM created from registry cannot be started\n2075200 - VLAN filtering cannot be configured with Intel X710\n2075409 - [CNV-4.11-rhel9] hco-operator and hco-webhook pods CrashLoopBackOff\n2076292 - Upgrade from 4.10.1-\u003e4.11 using nightly channel, is not completing with error \"could not complete the upgrade process. KubeVirt is not with the expected version. Check KubeVirt observed version in the status field of its CR\"\n2076379 - must-gather: ruletables and qemu logs collected as a part of gather_vm_details scripts are zero bytes file\n2076790 - Alert SSPDown is constantly in Firing state\n2076908 - clicking on a template in the Running VMs per Template card leads to 404\n2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode\n2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar\n2078700 - Windows template boot source should be blank\n2078703 - [RFE] Please hide the user defined password when customizing cloud-init\n2078709 - VM conditions column have wrong key/values\n2078728 - Common template rootDisk is not named correctly\n2079366 - rootdisk is not able to edit\n2079674 - Configuring preferred node affinity in the console results in wrong yaml and unschedulable VM\n2079783 - Actions are broken in topology view\n2080132 - virt-launcher logs live migration in nanoseconds if the migration is stuck\n2080155 - [RFE] Provide the progress of VM migration in the source virt launcher pod\n2080547 - Metrics kubevirt_hco_out_of_band_modifications_count, does not reflect correct modification count when label is added to priorityclass/kubevirt-cluster-critical in a loop\n2080833 - Missing cloud init script editor in the scripts tab\n2080835 - SSH key is set using cloud init script instead of new api\n2081182 - VM SSH command generated by UI points at api VIP\n2081202 - cloud-init for Windows VM generated with corrupted \"undefined\" section\n2081409 - when viewing a common template details page, user need to see the message \"can\u0027t edit common template\" on all tabs\n2081671 - SSH service created outside the UI is not discoverable\n2081831 - [RFE] Improve disk hotplug UX\n2082008 - LiveMigration fails due to loss of connection to destination host\n2082164 - Migration progress timeout expects absolute progress\n2082912 - [CNV-4.11] HCO Being Unable to Reconcile State\n2083093 - VM overview tab is crashed\n2083097 - ?Mount Windows drivers disk? should not show when the template is not ?windows?\n2083100 - Something keeps loading in the ?node selector? modal\n2083101 - ?Restore default settings? never become available while editing CPU/Memory\n2083135 - VM fails to schedule with vTPM in spec\n2083256 - SSP Reconcile logging improvement when CR resources are changed\n2083595 - [RFE] Disable VM descheduler if the VM is not live migratable\n2084102 - [e2e] Many elements are lacking proper selector like \u0027data-test-id\u0027 or \u0027data-test\u0027\n2084122 - [4.11]Clone from filesystem to block on storage api with the same size fails\n2084418 - ?Invalid SSH public key format? appears when drag ssh key file to ?Authorized SSH Key? field\n2084431 - User credentials for ssh is not in correct format\n2084476 - The Virtual Machine Authorized SSH Key is not shown in the scripts tab. \n2084532 - Console is crashed while detaching disk\n2084610 - Newly added Kubevirt-plugin pod is missing resources.requests values (cpu/memory)\n2085320 - Tolerations rules is not adding correctly\n2085322 - Not able to stop/restart VM if the VM is staying in \"Starting\"\n2086272 - [dark mode] Titles in Overview tab not visible enough in dark mode\n2086278 - Cloud init script edit add \" hostname=\u0027\u0027 \" when is should not be added\n2086281 - [dark mode] Helper text in Scripts tab not visible enough on dark mode\n2086286 - [dark mode] The contrast of the Labels and edit labels not look good in the dark mode\n2086293 - [dark mode] Titles in Parameters tab not visible enough in dark mode\n2086294 - [dark mode] Can\u0027t see the number inside the donut chart in VMs per template card\n2086303 - non-priv user can\u0027t create VM when namespace is not selected\n2086479 - some modals use ?Save? and some modals use ?Submit?\n2086486 - cluster overview getting started card include old information\n2086488 - Cannot cancel vm migration if the migration pod is not schedulable in the backend\n2086769 - Missing vm.kubevirt.io/template.namespace label when creating VM with the wizard\n2086803 - When clonnig a template we need to update vm labels and annotaions to match new template\n2086825 - VM restore PVC uses exact source PVC request size\n2086849 - Create from YAML example is not runnable\n2087188 - When VM is stopped - adding disk failed to show\n2087189 - When VM is stopped - adding disk failed to show\n2087232 - When chosing a vm or template while in all-namespace, and returning to list, namespace is changed\n2087546 - \"Quick Starts\" is missing in Getting started card\n2087547 - Activity and Status card are missing in Virtualization Overview\n2087559 - template in \"VMs per template\" should take user to vm list page\n2087566 - Remove the ?auto upload? label from template in the catalog if the auto-upload boot source not exists\n2087570 - Page title should be ?VirtualMachines? and not ?Virtual Machines?\n2087577 - \"VMs per template\" load time is a bit long\n2087578 - Terminology \"VM\" should be \"Virtual Machine\" in all places\n2087582 - Remove VMI and MTV from the navigation\n2087583 - [RFE] Show more info about boot source in template list\n2087584 - Template provider should not be mandatory\n2087587 - Improve the descriptive text in the kebab menu of template\n2087589 - Red icons shows in storage disk source selection without a good reason\n2087590 - [REF] \"Upload a new file to a PVC\" should not open the form in a new tab\n2087593 - \"Boot method\" is not a good name in overview tab\n2087603 - Align details card for single VM overview with the design doc\n2087616 - align the utilization card of single VM overview with the design\n2087701 - [RFE] Missing a link to VMI from running VM details page\n2087717 - Message when editing template boot source is wrong\n2088034 - Virtualization Overview crashes when a VirtualMachine has no labels\n2088355 - disk modal shows all storage classes as default\n2088361 - Attached disk keeps in loading status when add disk to a power off VM by non-privileged user\n2088379 - Create VM from catalog does not respect the storageclass of the template\u0027s boot source\n2088407 - Missing create button in the template list\n2088471 - [HPP] hostpath-provisioner-csi does not comply with restricted security context\n2088472 - Golden Images import cron jobs are not getting updated on upgrade to 4.11\n2088477 - [4.11.z] VMSnapshot restore fails to provision volume with size mismatch error\n2088849 - \"dataimportcrontemplate.kubevirt.io/enable\" field does not do any validation\n2089078 - ConsolePlugin kubevirt-plugin is not getting reconciled by hco\n2089271 - Virtualization appears twice in sidebar\n2089327 - add network modal crash when no networks available\n2089376 - Virtual Machine Template without dataVolumeTemplates gets blank page\n2089477 - [RFE] Allow upload source when adding VM disk\n2089700 - Drive column in Disks card of Overview page has duplicated values\n2089745 - When removing all disks from customize wizard app crashes\n2089789 - Add windows drivers disk is missing when template is not windows\n2089825 - Top consumers card on Virtualization Overview page should keep display parameters as set by user\n2089836 - Card titles on single VM Overview page does not have hyperlinks to relevant pages\n2089840 - Cant create snapshot if VM is without disks\n2089877 - Utilization card on single VM overview - timespan menu lacks 5min option\n2089932 - Top consumers card on single VM overview - View by resource dropdown menu needs an update\n2089942 - Utilization card on single VM overview - trend charts at the bottom should be linked to proper metrics\n2089954 - Details card on single VM overview - VNC console has grey padding\n2089963 - Details card on single VM overview - Operating system info is not available\n2089967 - Network Interfaces card on single VM overview - name tooltip lacks info\n2089970 - Network Interfaces card on single VM overview - IP tooltip\n2089972 - Disks card on single VM overview -typo\n2089979 - Single VM Details - CPU|Memory edit icon misplaced\n2089982 - Single VM Details - SSH modal has redundant VM name\n2090035 - Alert card is missing in single VM overview\n2090036 - OS should be \"Operating system\" and host should be \"hostname\" in single vm overview\n2090037 - Add template link in single vm overview details card\n2090038 - The update field under the version in overview should be consistent with the operator page\n2090042 - Move the edit button close to the text for \"boot order\" and \"ssh access\"\n2090043 - \"No resource selected\" in vm boot order\n2090046 - Hardware devices section In the VM details and Template details should be aligned with catalog page\n2090048 - \"Boot mode\" should be editable while VM is running\n2090054 - Services ?kubernetes\" and \"openshift\" should not be listing in vm details\n2090055 - Add link to vm template in vm details page\n2090056 - \"Something went wrong\" shows on VM \"Environment\" tab\n2090057 - \"?\" icon is too big in environment and disk tab\n2090059 - Failed to add configmap in environment tab due to validate error\n2090064 - Miss \"remote desktop\" in console dropdown list for windows VM\n2090066 - [RFE] Improve guest login credentials\n2090068 - Make the \"name\" and \"Source\" column wider in vm disk tab\n2090131 - Key\u0027s value in \"add affinity rule\" modal is too small\n2090350 - memory leak in virt-launcher process\n2091003 - SSH service is not deleted along the VM\n2091058 - After VM gets deleted, the user is redirected to a page with a different namespace\n2091309 - While disabling a golden image via HCO, user should not be required to enter the whole spec. \n2091406 - wrong template namespace label when creating a vm with wizard\n2091754 - Scheduling and scripts tab should be editable while the VM is running\n2091755 - Change bottom \"Save\" to \"Apply\" on cloud-init script form\n2091756 - The root disk of cloned template should be editable\n2091758 - \"OS\" should be \"Operating system\" in template filter\n2091760 - The provider should be empty if it\u0027s not set during cloning\n2091761 - Miss \"Edit labels\" and \"Edit annotations\" in template kebab button\n2091762 - Move notification above the tabs in template details page\n2091764 - Clone a template should lead to the template details\n2091765 - \"Edit bootsource\" is keeping in load in template actions dropdown\n2091766 - \"Are you sure you want to leave this page?\" pops up when click the \"Templates\" link\n2091853 - On Snapshot tab of single VM \"Restore\" button should move to the kebab actions together with the Delete\n2091863 - BootSource edit modal should list affected templates\n2091868 - Catalog list view has two columns named \"BootSource\"\n2091889 - Devices should be editable for customize template\n2091897 - username is missing in the generated ssh command\n2091904 - VM is not started if adding \"Authorized SSH Key\" during vm creation\n2091911 - virt-launcher pod remains as NonRoot after LiveMigrating VM from NonRoot to Root\n2091940 - SSH is not enabled in vm details after restart the VM\n2091945 - delete a template should lead to templates list\n2091946 - Add disk modal shows wrong units\n2091982 - Got a lot of \"Reconciler error\" in cdi-deployment log after adding custom DataImportCron to hco\n2092048 - When Boot from CD is checked in customized VM creation - Disk source should be Blank\n2092052 - Virtualization should be omitted in Calatog breadcrumbs\n2092071 - Getting started card in Virtualization overview can not be hidden. \n2092079 - Error message stays even when problematic field is dismissed\n2092158 - PrometheusRule kubevirt-hyperconverged-prometheus-rule is not getting reconciled by HCO\n2092228 - Ensure Machine Type for new VMs is 8.6\n2092230 - [RFE] Add indication/mark to deprecated template\n2092306 - VM is stucking with WaitingForVolumeBinding if creating via \"Boot from CD\"\n2092337 - os is empty in VM details page\n2092359 - [e2e] data-test-id includes all pvc name\n2092654 - [RFE] No obvious way to delete the ssh key from the VM\n2092662 - No url example for rhel and windows template\n2092663 - no hyperlink for URL example in disk source \"url\"\n2092664 - no hyperlink to the cdi uploadproxy URL\n2092781 - Details card should be removed for non admins. \n2092783 - Top consumers\u0027 card should be removed for non admins. \n2092787 - Operators links should be removed from Getting started card\n2092789 - \"Learn more about Operators\" link should lead to the Red Hat documentation\n2092951 - ?Edit BootSource? action should have more explicit information when disabled\n2093282 - Remove links to \u0027all-namespaces/\u0027 for non-privileged user\n2093691 - Creation flow drawer left padding is broken\n2093713 - Required fields in creation flow should be highlighted if empty\n2093715 - Optional parameters section in creation flow is missing bottom padding\n2093716 - CPU|Memory modal button should say \"Restore template settings?\n2093772 - Add a service in environment it reminds a pending change in boot order\n2093773 - Console crashed if adding a service without serial number\n2093866 - Cannot create vm from the template `vm-template-example`\n2093867 - OS for template \u0027vm-template-example\u0027 should matching the version of the image\n2094202 - Cloud-init username field should have hint\n2094207 - Cloud-init password field should have auto-generate option\n2094208 - SSH key input is missing validation\n2094217 - YAML view should reflect shanges in SSH form\n2094222 - \"?\" icon should be placed after red asterisk in required fields\n2094323 - Workload profile should be editable in template details page\n2094405 - adding resource on enviornment isnt showing on disks list when vm is running\n2094440 - Utilization pie charts figures are not based on current data\n2094451 - PVC selection in VM creation flow does not work for non-priv user\n2094453 - CD Source selection in VM creation flow is missing Upload option\n2094465 - Typo in Source tooltip\n2094471 - Node selector modal for non-privileged user\n2094481 - Tolerations modal for non-privileged user\n2094486 - Add affinity rule modal\n2094491 - Affinity rules modal button\n2094495 - Descheduler modal has same text in two lines\n2094646 - [e2e] Elements on scheduling tab are missing proper data-test-id\n2094665 - Dedicated Resources modal for non-privileged user\n2094678 - Secrets and ConfigMaps can\u0027t be added to Windows VM\n2094727 - Creation flow should have VM info in header row\n2094807 - hardware devices dropdown has group title even with no devices in cluster\n2094813 - Cloudinit password is seen in wizard\n2094848 - Details card on Overview page - \u0027View details\u0027 link is missing\n2095125 - OS is empty in the clone modal\n2095129 - \"undefined\" appears in rootdisk line in clone modal\n2095224 - affinity modal for non-privileged users\n2095529 - VM migration cancelation in kebab action should have shorter name\n2095530 - Column sizes in VM list view\n2095532 - Node column in VM list view is visible to non-privileged user\n2095537 - Utilization card information should display pie charts as current data and sparkline charts as overtime\n2095570 - Details tab of VM should not have Node info for non-privileged user\n2095573 - Disks created as environment or scripts should have proper label\n2095953 - VNC console controls layout\n2095955 - VNC console tabs\n2096166 - Template \"vm-template-example\" is binding with namespace \"default\"\n2096206 - Inconsistent capitalization in Template Actions\n2096208 - Templates in the catalog list is not sorted\n2096263 - Incorrectly displaying units for Disks size or Memory field in various places\n2096333 - virtualization overview, related operators title is not aligned\n2096492 - Cannot create vm from a cloned template if its boot source is edited\n2096502 - \"Restore template settings\" should be removed from template CPU editor\n2096510 - VM can be created without any disk\n2096511 - Template shows \"no Boot Source\" and label \"Source available\" at the same time\n2096620 - in templates list, edit boot reference kebab action opens a modal with different title\n2096781 - Remove boot source provider while edit boot source reference\n2096801 - vnc thumbnail in virtual machine overview should be active on page load\n2096845 - Windows template\u0027s scripts tab is crashed\n2097328 - virtctl guestfs shouldn\u0027t required uid = 0\n2097370 - missing titles for optional parameters in wizard customization page\n2097465 - Count is not updating for \u0027prometheusrule\u0027 component when metrics kubevirt_hco_out_of_band_modifications_count executed\n2097586 - AccessMode should stay on ReadWriteOnce while editing a disk with storage class HPP\n2098134 - \"Workload profile\" column is not showing completely in template list\n2098135 - Workload is not showing correct in catalog after change the template\u0027s workload\n2098282 - Javascript error when changing boot source of custom template to be an uploaded file\n2099443 - No \"Quick create virtualmachine\" button for template \u0027vm-template-example\u0027\n2099533 - ConsoleQuickStart for HCO CR\u0027s VM is missing\n2099535 - The cdi-uploadproxy certificate url should be opened in a new tab\n2099539 - No storage option for upload while editing a disk\n2099566 - Cloudinit should be replaced by cloud-init in all places\n2099608 - \"DynamicB\" shows in vm-example disk size\n2099633 - Doc links needs to be updated\n2099639 - Remove user line from the ssh command section\n2099802 - Details card link shouldn\u0027t be hard-coded\n2100054 - Windows VM with WSL2 guest fails to migrate\n2100284 - Virtualization overview is crashed\n2100415 - HCO is taking too much time for reconciling kubevirt-plugin deployment\n2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n2101164 - [dark mode] Number of alerts in Alerts card not visible enough in dark mode\n2101192 - AccessMode should stay on ReadWriteOnce while editing a disk with storage class HPP\n2101430 - Using CLOUD_USER_PASSWORD in Templates parameters breaks VM review page\n2101454 - Cannot add PVC boot source to template in \u0027Edit Boot Source Reference\u0027 view as a non-priv user\n2101485 - Cloudinit should be replaced by cloud-init in all places\n2101628 - non-priv user cannot load dataSource while edit template\u0027s rootdisk\n2101954 - [4.11]Smart clone and csi clone leaves tmp unbound PVC and ObjectTransfer\n2102076 - Using CLOUD_USER_PASSWORD in Templates parameters breaks VM review page\n2102116 - [e2e] elements on Template Scheduling tab are missing proper data-test-id\n2102117 - [e2e] elements on VM Scripts tab are missing proper data-test-id\n2102122 - non-priv user cannot load dataSource while edit template\u0027s rootdisk\n2102124 - Cannot add PVC boot source to template in \u0027Edit Boot Source Reference\u0027 view as a non-priv user\n2102125 - vm clone modal is displaying DV size instead of PVC size\n2102127 - Cannot add NIC to VM template as non-priv user\n2102129 - All templates are labeling \"source available\" in template list page\n2102131 - The number of hardware devices is not correct in vm overview tab\n2102135 - [dark mode] Number of alerts in Alerts card not visible enough in dark mode\n2102143 - vm clone modal is displaying DV size instead of PVC size\n2102256 - Add button moved to right\n2102448 - VM disk is deleted by uncheck \"Delete disks (1x)\" on delete modal\n2102543 - Add button moved to right\n2102544 - VM disk is deleted by uncheck \"Delete disks (1x)\" on delete modal\n2102545 - VM filter has two \"Other\" checkboxes which are triggered together\n2104617 - Storage status report \"OpenShift Data Foundation is not available\" even the operator is installed\n2106175 - All pages are crashed after visit Virtualization -\u003e Overview\n2106258 - All pages are crashed after visit Virtualization -\u003e Overview\n2110178 - [Docs] Text repetition in Virtual Disk Hot plug instructions\n2111359 - kubevirt plugin console is crashed after creating a vm with 2 nics\n2111562 - kubevirt plugin console crashed after visit vmi page\n2117872 - CVE-2022-1798 kubeVirt: Arbitrary file read on the host from KubeVirt VMs\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2081686 - CVE-2022-29165 argocd: ArgoCD will blindly trust JWT claims if anonymous access is enabled\n2081689 - CVE-2022-24905 argocd: Login screen allows message spoofing if SSO is enabled\n2081691 - CVE-2022-24904 argocd: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server\n\n5",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-0778"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001476"
},
{
"db": "VULMON",
"id": "CVE-2022-0778"
},
{
"db": "PACKETSTORM",
"id": "166818"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "167371"
},
{
"db": "PACKETSTORM",
"id": "167555"
},
{
"db": "PACKETSTORM",
"id": "166504"
},
{
"db": "PACKETSTORM",
"id": "166502"
},
{
"db": "PACKETSTORM",
"id": "168392"
},
{
"db": "PACKETSTORM",
"id": "167225"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-0778",
"trust": 3.5
},
{
"db": "PACKETSTORM",
"id": "167344",
"trust": 1.0
},
{
"db": "TENABLE",
"id": "TNS-2022-09",
"trust": 1.0
},
{
"db": "TENABLE",
"id": "TNS-2022-06",
"trust": 1.0
},
{
"db": "TENABLE",
"id": "TNS-2022-08",
"trust": 1.0
},
{
"db": "TENABLE",
"id": "TNS-2022-07",
"trust": 1.0
},
{
"db": "SIEMENS",
"id": "SSA-712929",
"trust": 1.0
},
{
"db": "JVN",
"id": "JVNVU99682885",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU96890975",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU90813125",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU98905589",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU99030761",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU91676340",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU91198149",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU92169998",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-25-259-06",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-24-046-02",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-23-143-02",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-25-226-21",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-22-272-02",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-23-059-01",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001476",
"trust": 0.8
},
{
"db": "VULMON",
"id": "CVE-2022-0778",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166818",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167188",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167371",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167555",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166504",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166502",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168392",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167225",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-0778"
},
{
"db": "PACKETSTORM",
"id": "166818"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "167371"
},
{
"db": "PACKETSTORM",
"id": "167555"
},
{
"db": "PACKETSTORM",
"id": "166504"
},
{
"db": "PACKETSTORM",
"id": "166502"
},
{
"db": "PACKETSTORM",
"id": "168392"
},
{
"db": "PACKETSTORM",
"id": "167225"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001476"
},
{
"db": "NVD",
"id": "CVE-2022-0778"
}
]
},
"id": "VAR-202203-0005",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.2376099833333333
},
"last_update_date": "2025-12-22T22:11:54.518000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "hitachi-sec-2022-132 Software product security information",
"trust": 0.8,
"url": "https://www.openssl.org/news/secadv/20220315.txt"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1575",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1575"
},
{
"title": "Debian Security Advisories: DSA-5103-1 openssl -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=4ecbdda56426ff105b6a2939daf5c4e7"
},
{
"title": "Red Hat: Important: openssl security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221077 - Security Advisory"
},
{
"title": "Red Hat: Important: openssl security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221078 - Security Advisory"
},
{
"title": "Red Hat: Important: openssl security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221082 - Security Advisory"
},
{
"title": "Red Hat: Important: openssl security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221073 - Security Advisory"
},
{
"title": "Red Hat: Important: openssl security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221091 - Security Advisory"
},
{
"title": "Red Hat: Important: openssl security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221076 - Security Advisory"
},
{
"title": "Red Hat: Important: openssl security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221071 - Security Advisory"
},
{
"title": "Red Hat: Low: compat-openssl10 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225326 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Web Server 5.6.2 Security Update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221520 - Security Advisory"
},
{
"title": "Red Hat: Important: openssl security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221112 - Security Advisory"
},
{
"title": "Red Hat: Important: compat-openssl11 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20224899 - Security Advisory"
},
{
"title": "Red Hat: Important: openssl security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221065 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Web Server 5.6.2 Security Update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221519 - Security Advisory"
},
{
"title": "Red Hat: Important: openssl security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221066 - Security Advisory"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1766",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1766"
},
{
"title": "Amazon Linux 2: ALAS2NITRO-ENCLAVES-2022-018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2NITRO-ENCLAVES-2022-018"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-0778"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 4.10.10 security and extras update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221357 - Security Advisory"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 4.9.29 bug fix and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221363 - Security Advisory"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 4.8.37 security and extras update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221370 - Security Advisory"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 4.10.10 bug fix and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221356 - Security Advisory"
},
{
"title": "Tenable Security Advisories: [R1] Nessus Agent Versions 8.3.3 and 10.1.3 Fix One Third-Party Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2022-07"
},
{
"title": "Tenable Security Advisories: [R1] Nessus Versions 8.15.4 and 10.1.2 Fix One Third-Party Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2022-06"
},
{
"title": "Tenable Security Advisories: [R1] Stand-alone Security Patch Available for Tenable.sc versions 5.19.0 to 5.20.1: Patch 202204.1",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2022-08"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-041",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-041"
},
{
"title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP11 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221390 - Security Advisory"
},
{
"title": "Red Hat: Moderate: OpenShift Virtualization 4.10.1 Images security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20224668 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP11 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221389 - Security Advisory"
},
{
"title": "Hitachi Security Advisories: Vulnerability in Hitachi Configuration Manager and Hitachi Ops Center API Configuration Manager",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2022-121"
},
{
"title": "Hitachi Security Advisories: Vulnerability in JP1",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2022-132"
},
{
"title": "Hitachi Security Advisories: Vulnerability in Cosminexus HTTP Server",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2022-118"
},
{
"title": "Red Hat: Moderate: Red Hat OpenShift Service Mesh 2.1.2.1 containers security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221739 - Security Advisory"
},
{
"title": "Brocade Security Advisories: Access Denied",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=brocade_security_advisories\u0026qid=af28f1c934f899990fae4f8d3f165957"
},
{
"title": "Palo Alto Networks Security Advisory: CVE-2022-0778 Impact of the OpenSSL Infinite Loop Vulnerability CVE-2022-0778",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory\u0026qid=aae1a589daaf238d6814b018feedaec7"
},
{
"title": "Red Hat: Important: RHV-H security update (redhat-virtualization-host) 4.3.22",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221263 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat OpenShift GitOps security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20224690 - Security Advisory"
},
{
"title": "Red Hat: Important: RHACS 3.68 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225132 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Red Hat OpenShift Logging Security and Bug update Release 5.4.1",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20222216 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Openshift Logging Security and Bug update Release (5.2.10)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20222218 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Red Hat OpenShift Logging Security and Bug update Release 5.3.7",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20222217 - Security Advisory"
},
{
"title": "Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Analyzer, Hitachi Ops Center Analyzer viewpoint and Hitachi Ops Center Viewpoint",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2022-126"
},
{
"title": "Tenable Security Advisories: [R1] Tenable.sc 5.21.0 Fixes Multiple Third-Party Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2022-09"
},
{
"title": "Palo Alto Networks Security Advisory: CVE-2022-22963 Informational: Impact of Spring Vulnerabilities CVE-2022-22963 and CVE-2010-1622 Bypass",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory\u0026qid=bb2470489013d7c39502e755acaa670b"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 4.6.57 security and extras update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221622 - Security Advisory"
},
{
"title": "Red Hat: Low: Release of OpenShift Serverless Version 1.22.0",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221747 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.7.1 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221734 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.7.3 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225840 - Security Advisory"
},
{
"title": "Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2023-126"
},
{
"title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.4.3 security updates and bug fixes",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221476 - Security Advisory"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 4.11.0 extras and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225070 - Security Advisory"
},
{
"title": "Apple: macOS Monterey 12.4",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=73857ee26a600b1527481f1deacc0619"
},
{
"title": "Red Hat: Important: Red Hat Advanced Cluster Management 2.5 security updates, images, and bug fixes",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20224956 - Security Advisory"
},
{
"title": "Red Hat: Important: OpenShift Virtualization 4.11.0 Images security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226526 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.5.4 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221396 - Security Advisory"
},
{
"title": "Red Hat: Important: Service Telemetry Framework 1.4 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225924 - Security Advisory"
},
{
"title": "Red Hat: Important: OpenShift Container Platform 4.11.0 bug fix and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225069 - Security Advisory"
},
{
"title": "Amazon Linux 2: ALASMARIADB10.5-2023-003",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALASMARIADB10.5-2023-003"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-182",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-182"
},
{
"title": "CVE-2022-0778",
"trust": 0.1,
"url": "https://github.com/jeongjunsoo/CVE-2022-0778 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-0778"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001476"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-835",
"trust": 1.0
},
{
"problemtype": "infinite loop (CWE-835) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-001476"
},
{
"db": "NVD",
"id": "CVE-2022-0778"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0778"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/gdb3gqvjpxje7x5c5jn6jaa4xudwd6e6/"
},
{
"trust": 1.0,
"url": "https://support.apple.com/kb/ht213257"
},
{
"trust": 1.0,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2022-0002"
},
{
"trust": 1.0,
"url": "https://security.gentoo.org/glsa/202210-02"
},
{
"trust": 1.0,
"url": "http://seclists.org/fulldisclosure/2022/may/35"
},
{
"trust": 1.0,
"url": "http://packetstormsecurity.com/files/167344/openssl-1.0.2-1.1.1-3.0-bn_mod_sqrt-infinite-loop.html"
},
{
"trust": 1.0,
"url": "https://www.tenable.com/security/tns-2022-09"
},
{
"trust": 1.0,
"url": "https://support.apple.com/kb/ht213256"
},
{
"trust": 1.0,
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=380085481c64de749a6dd25cdf0bcf4360b30f83"
},
{
"trust": 1.0,
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=a466912611aa6cbdf550cd10601390e587451246"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/323snn6zx7prjjwp2buaflpuae42xwlz/"
},
{
"trust": 1.0,
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"trust": 1.0,
"url": "https://www.tenable.com/security/tns-2022-06"
},
{
"trust": 1.0,
"url": "http://seclists.org/fulldisclosure/2022/may/33"
},
{
"trust": 1.0,
"url": "https://www.tenable.com/security/tns-2022-08"
},
{
"trust": 1.0,
"url": "https://www.tenable.com/security/tns-2022-07"
},
{
"trust": 1.0,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 1.0,
"url": "https://support.apple.com/kb/ht213255"
},
{
"trust": 1.0,
"url": "http://seclists.org/fulldisclosure/2022/may/38"
},
{
"trust": 1.0,
"url": "https://security.netapp.com/advisory/ntap-20220321-0002/"
},
{
"trust": 1.0,
"url": "https://security.netapp.com/advisory/ntap-20220429-0005/"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html"
},
{
"trust": 1.0,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf"
},
{
"trust": 1.0,
"url": "https://www.openssl.org/news/secadv/20220315.txt"
},
{
"trust": 1.0,
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=3118eb64934499d93db3230748a452351d1d9a65"
},
{
"trust": 1.0,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.0,
"url": "https://www.debian.org/security/2022/dsa-5103"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/w6k3pr542dxwleffmfidmme4cwmhjrmg/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90813125/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu99682885/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu98905589/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu96890975/index.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu91676340/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu91198149/index.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu92169998/index.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu99030761/index.html"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-272-02"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-059-01"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-02"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-046-02"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-21"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-259-06"
},
{
"trust": 0.7,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-0778"
},
{
"trust": 0.7,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25032"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3634"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3737"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-25032"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-4189"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-25219"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-1271"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-21698"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-31566"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-23177"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-1154"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3737"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-25219"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3634"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4189"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-24407"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1271"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24761"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1356"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24761"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21698"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhba-2022:1355"
},
{
"trust": 0.1,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22721"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23308"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22589"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22663"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44790"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22674"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213256."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0530"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44224"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26698"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26697"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45444"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22675"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26706"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22665"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26712"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.1,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24769"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhba-2022:1369"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1370"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24769"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23177"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23222"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23222"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:5132"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3672"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1902"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3672"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31566"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1902"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1082"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1078"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6526"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36084"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28327"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36085"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27776"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20838"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27774"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1629"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5827"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2097"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3580"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-38561"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24921"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-38185"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2068"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24370"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25313"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27191"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35492"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-29824"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35492"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23772"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1798"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1621"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17594"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44717"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27782"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14155"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19603"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44716"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1292"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22576"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-17541"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13750"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36087"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20231"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-40528"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20232"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25314"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17595"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36086"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23806"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-18218"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-43527"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-4115"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-31535"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23773"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13435"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24675"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-17541"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24904"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24905"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24904"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3639"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:4690"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-41617"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29165"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41617"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3639"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-29165"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24905"
}
],
"sources": [
{
"db": "PACKETSTORM",
"id": "166818"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "167371"
},
{
"db": "PACKETSTORM",
"id": "167555"
},
{
"db": "PACKETSTORM",
"id": "166504"
},
{
"db": "PACKETSTORM",
"id": "166502"
},
{
"db": "PACKETSTORM",
"id": "168392"
},
{
"db": "PACKETSTORM",
"id": "167225"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001476"
},
{
"db": "NVD",
"id": "CVE-2022-0778"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2022-0778"
},
{
"db": "PACKETSTORM",
"id": "166818"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "167371"
},
{
"db": "PACKETSTORM",
"id": "167555"
},
{
"db": "PACKETSTORM",
"id": "166504"
},
{
"db": "PACKETSTORM",
"id": "166502"
},
{
"db": "PACKETSTORM",
"id": "168392"
},
{
"db": "PACKETSTORM",
"id": "167225"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001476"
},
{
"db": "NVD",
"id": "CVE-2022-0778"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-03-15T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0778"
},
{
"date": "2022-04-22T14:13:53",
"db": "PACKETSTORM",
"id": "166818"
},
{
"date": "2022-05-17T16:59:42",
"db": "PACKETSTORM",
"id": "167188"
},
{
"date": "2022-06-03T15:30:23",
"db": "PACKETSTORM",
"id": "167371"
},
{
"date": "2022-06-21T15:22:18",
"db": "PACKETSTORM",
"id": "167555"
},
{
"date": "2022-03-28T15:55:39",
"db": "PACKETSTORM",
"id": "166504"
},
{
"date": "2022-03-28T15:55:23",
"db": "PACKETSTORM",
"id": "166502"
},
{
"date": "2022-09-15T14:20:18",
"db": "PACKETSTORM",
"id": "168392"
},
{
"date": "2022-05-19T15:53:12",
"db": "PACKETSTORM",
"id": "167225"
},
{
"date": "2022-03-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-001476"
},
{
"date": "2022-03-15T17:15:08.513000",
"db": "NVD",
"id": "CVE-2022-0778"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0778"
},
{
"date": "2025-09-22T01:16:00",
"db": "JVNDB",
"id": "JVNDB-2022-001476"
},
{
"date": "2024-11-21T06:39:22.540000",
"db": "NVD",
"id": "CVE-2022-0778"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenSSL\u00a0 of \u00a0BN_mod_sqrt()\u00a0 Problem that causes an infinite loop when the law in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-001476"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code execution",
"sources": [
{
"db": "PACKETSTORM",
"id": "167188"
}
],
"trust": 0.1
}
}
VDE-2022-013
Vulnerability from csaf_phoenixcontactgmbhcokg - Published: 2022-04-12 06:00 - Updated: 2025-05-14 13:00Summary
PHOENIX CONTACT: Multiple products affected by possible infinite loop within OpenSSL library
Notes
Summary:
FL MGUARD and TC MGUARD devices are affected by a possible infinite loop within a OpenSSL library method for parsing elliptic curve parameters. This method is used on parsing cryptographic certificates that contain elliptic curve public keys in compressed form, which may occur on:
Parsing client certificates for HTTPS administrative login
Parsing client certificates for SSH administrative login
Parsing peer certificates for IPsec VPN connections
Parsing certificates of external servers, including:
OpenVPN server
Configuration pull server
Update server
Attackers could try to exploit the vulnerability from remote.
For the mGuard Device Manager only the mdm Installer for Windows is affected.
UPDATE A: Added FL MGUARD 1102 and FL MGUARD 1105:
On FL MGUARD 1102 and FL MGUARD 1105 with mGuardNT 1.5.2 and older, the device can
be affected through an adapted certificate. This can occur on connection with a remote logging
server, configured for certificate authentication, or an remote authentication server at certificate
based authentication.
Impact: By sending a crafted certificate, attackers may trigger an infinite loop in the receiving service. This may cause the service to become unavailable. Additionally, the availability of other services may be reduced due to high CPU load.
FL MGUARD and TC MGUARD may be vulnerable in the following setups:
- Activated HTTPS administrative access with certificate-based authentication
- Activated SSH administrative access with certificate-based authentication
Use of IPsec VPN connections with certificate-based authentication
- Use of connections to external servers with certificate-based authentication, including:
1. OpenVPN server
2. Configuration pull server
3. Update server
FL WLAN may be vulnerable in the following setup:
- WLAN Client modes with activated certificate-based RADIUS server authentication
The services can be vulnerable, even when they are not configured to use elliptic curve cryptography explicitly.
Mitigation: To reduce the possibility of an attack, affected functionality could be deactivated or used only in a way that it is not exposed on untrusted interfaces.
Remediation: This vulnerability is fixed in firmware version 8.8.6. We strongly recommend all affected FL MGUARD and TC MGUARD users to upgrade to this or a later version.
PHOENIX CONTACT strongly recommends upgrading FL MGUARD DM UNLIMITED to version 1.13.0.2 or higher, which fixes this vulnerability.
For FL WLAN devices the vulnerability will be fixed in the next regular release. A release date is not yet defined.
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).
7.5 (High)
Mitigation
To reduce the possibility of an attack, affected functionality could be deactivated or used only in a way that it is not exposed on untrusted interfaces.
Vendor Fix
This vulnerability is fixed in firmware version 8.8.6. We strongly recommend all affected FL MGUARD and TC MGUARD users to upgrade to this or a later version.
PHOENIX CONTACT strongly recommends upgrading FL MGUARD DM UNLIMITED to version 1.13.0.2 or higher, which fixes this vulnerability.
For FL WLAN devices the vulnerability will be fixed in the next regular release. A release date is not yet defined.
Affected products
Known affected
52 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — | ||
| Unresolved product id: CSAFPID-31011 | — | ||
| Unresolved product id: CSAFPID-31012 | — | ||
| Unresolved product id: CSAFPID-31013 | — | ||
| Unresolved product id: CSAFPID-31014 | — | ||
| Unresolved product id: CSAFPID-31015 | — | ||
| Unresolved product id: CSAFPID-31016 | — | ||
| Unresolved product id: CSAFPID-31017 | — | ||
| Unresolved product id: CSAFPID-31018 | — | ||
| Unresolved product id: CSAFPID-31019 | — | ||
| Unresolved product id: CSAFPID-31020 | — | ||
| Unresolved product id: CSAFPID-31021 | — | ||
| Unresolved product id: CSAFPID-31022 | — | ||
| Unresolved product id: CSAFPID-31023 | — | ||
| Unresolved product id: CSAFPID-31024 | — | ||
| Unresolved product id: CSAFPID-31025 | — | ||
| Unresolved product id: CSAFPID-31026 | — | ||
| Unresolved product id: CSAFPID-31027 | — | ||
| Unresolved product id: CSAFPID-31028 | — | ||
| Unresolved product id: CSAFPID-31029 | — | ||
| Unresolved product id: CSAFPID-31030 | — | ||
| Unresolved product id: CSAFPID-31031 | — | ||
| Unresolved product id: CSAFPID-31032 | — | ||
| Unresolved product id: CSAFPID-31033 | — | ||
| Unresolved product id: CSAFPID-31034 | — | ||
| Unresolved product id: CSAFPID-31035 | — | ||
| Unresolved product id: CSAFPID-31036 | — | ||
| Unresolved product id: CSAFPID-31037 | — | ||
| Unresolved product id: CSAFPID-31038 | — | ||
| Unresolved product id: CSAFPID-31039 | — | ||
| Unresolved product id: CSAFPID-31040 | — | ||
| Unresolved product id: CSAFPID-31041 | — | ||
| Unresolved product id: CSAFPID-31042 | — | ||
| Unresolved product id: CSAFPID-31043 | — | ||
| Unresolved product id: CSAFPID-31044 | — | ||
| Unresolved product id: CSAFPID-31045 | — | ||
| Unresolved product id: CSAFPID-31046 | — | ||
| Unresolved product id: CSAFPID-31047 | — | ||
| Unresolved product id: CSAFPID-31048 | — | ||
| Unresolved product id: CSAFPID-31049 | — | ||
| Unresolved product id: CSAFPID-31050 | — | ||
| Unresolved product id: CSAFPID-31051 | — | ||
| Unresolved product id: CSAFPID-31052 | — |
Fixed
39 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — | ||
| Unresolved product id: CSAFPID-32011 | — | ||
| Unresolved product id: CSAFPID-32012 | — | ||
| Unresolved product id: CSAFPID-32013 | — | ||
| Unresolved product id: CSAFPID-32014 | — | ||
| Unresolved product id: CSAFPID-32015 | — | ||
| Unresolved product id: CSAFPID-32016 | — | ||
| Unresolved product id: CSAFPID-32017 | — | ||
| Unresolved product id: CSAFPID-32018 | — | ||
| Unresolved product id: CSAFPID-32019 | — | ||
| Unresolved product id: CSAFPID-32020 | — | ||
| Unresolved product id: CSAFPID-32021 | — | ||
| Unresolved product id: CSAFPID-32022 | — | ||
| Unresolved product id: CSAFPID-32023 | — | ||
| Unresolved product id: CSAFPID-32024 | — | ||
| Unresolved product id: CSAFPID-32025 | — | ||
| Unresolved product id: CSAFPID-32026 | — | ||
| Unresolved product id: CSAFPID-32027 | — | ||
| Unresolved product id: CSAFPID-32028 | — | ||
| Unresolved product id: CSAFPID-32029 | — | ||
| Unresolved product id: CSAFPID-32030 | — | ||
| Unresolved product id: CSAFPID-32031 | — | ||
| Unresolved product id: CSAFPID-32032 | — | ||
| Unresolved product id: CSAFPID-32033 | — | ||
| Unresolved product id: CSAFPID-32034 | — | ||
| Unresolved product id: CSAFPID-32035 | — | ||
| Unresolved product id: CSAFPID-32036 | — | ||
| Unresolved product id: CSAFPID-32037 | — | ||
| Unresolved product id: CSAFPID-32038 | — | ||
| Unresolved product id: CSAFPID-32039 | — |
References
4 references
Acknowledgments
CERT@VDE
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "\nFL MGUARD and TC MGUARD devices are affected by a possible infinite loop within a OpenSSL library method for parsing elliptic curve parameters. This method is used on parsing cryptographic certificates that contain elliptic curve public keys in compressed form, which may occur on:\n\nParsing client certificates for HTTPS administrative login\nParsing client certificates for SSH administrative login\nParsing peer certificates for IPsec VPN connections\nParsing certificates of external servers, including:\nOpenVPN server\nConfiguration pull server\nUpdate server\nAttackers could try to exploit the vulnerability from remote.\nFor the mGuard Device Manager only the mdm Installer for Windows is affected.\n\nUPDATE A: Added FL MGUARD 1102 and FL MGUARD 1105:\n\nOn FL MGUARD 1102 and FL MGUARD 1105 with mGuardNT 1.5.2 and older, the device can\nbe affected through an adapted certificate. This can occur on connection with a remote logging\nserver, configured for certificate authentication, or an remote authentication server at certificate\nbased authentication.",
"title": "Summary"
},
{
"category": "description",
"text": "By sending a crafted certificate, attackers may trigger an infinite loop in the receiving service. This may cause the service to become unavailable. Additionally, the availability of other services may be reduced due to high CPU load.\n\nFL MGUARD and TC MGUARD may be vulnerable in the following setups:\n\n- Activated HTTPS administrative access with certificate-based authentication\n- Activated SSH administrative access with certificate-based authentication\nUse of IPsec VPN connections with certificate-based authentication\n- Use of connections to external servers with certificate-based authentication, including:\n 1. OpenVPN server\n 2. Configuration pull server\n 3. Update server\nFL WLAN may be vulnerable in the following setup:\n\n- WLAN Client modes with activated certificate-based RADIUS server authentication\n\nThe services can be vulnerable, even when they are not configured to use elliptic curve cryptography explicitly.",
"title": "Impact"
},
{
"category": "description",
"text": "To reduce the possibility of an attack, affected functionality could be deactivated or used only in a way that it is not exposed on untrusted interfaces.",
"title": "Mitigation"
},
{
"category": "description",
"text": "This vulnerability is fixed in firmware version 8.8.6. We strongly recommend all affected FL MGUARD and TC MGUARD users to upgrade to this or a later version.\n\nPHOENIX CONTACT strongly recommends upgrading FL MGUARD DM UNLIMITED to version 1.13.0.2 or higher, which fixes this vulnerability.\n\nFor FL WLAN devices the vulnerability will be fixed in the next regular release. A release date is not yet defined.",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@phoenixcontact.com",
"name": "Phoenix Contact GmbH \u0026 Co. KG",
"namespace": "https://phoenixcontact.com/psirt"
},
"references": [
{
"category": "external",
"summary": "PHOENIX CONTACT PSIRT ",
"url": "https://phoenixcontact.com/psirt"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for PHOENIX CONTACT",
"url": "https://certvde.com/en/advisories/vendor/phoenixcontact/"
},
{
"category": "self",
"summary": "VDE-2022-013: PHOENIX CONTACT: Multiple products affected by possible infinite loop within OpenSSL library - HTML",
"url": "https://certvde.com/en/advisories/VDE-2022-013/"
},
{
"category": "self",
"summary": "VDE-2022-013: PHOENIX CONTACT: Multiple products affected by possible infinite loop within OpenSSL library - CSAF",
"url": "https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2022/vde-2022-013.json"
}
],
"title": "PHOENIX CONTACT: Multiple products affected by possible infinite loop within OpenSSL library",
"tracking": {
"aliases": [
"VDE-2022-013"
],
"current_release_date": "2025-05-14T13:00:15.000Z",
"generator": {
"date": "2025-03-31T07:15:47.332Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.22"
}
},
"id": "VDE-2022-013",
"initial_release_date": "2022-04-12T06:00:00.000Z",
"revision_history": [
{
"date": "2022-04-12T06:00:00.000Z",
"number": "1",
"summary": "Initial revision."
},
{
"date": "2022-06-14T06:09:00.000Z",
"number": "2",
"summary": "Update A"
},
{
"date": "2025-05-14T13:00:15.000Z",
"number": "3",
"summary": "Fix: added distribution"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "FL MGUARD 1102",
"product": {
"name": "FL MGUARD 1102",
"product_id": "CSAFPID-11001",
"product_identification_helper": {
"model_numbers": [
"1153079"
]
}
}
},
{
"category": "product_name",
"name": "FL MGUARD 1105",
"product": {
"name": "FL MGUARD 1105",
"product_id": "CSAFPID-11002",
"product_identification_helper": {
"model_numbers": [
"1153078"
]
}
}
},
{
"category": "product_name",
"name": "FL MGUARD CENTERPORT",
"product": {
"name": "FL MGUARD CENTERPORT",
"product_id": "CSAFPID-11003",
"product_identification_helper": {
"model_numbers": [
"2702547"
]
}
}
},
{
"category": "product_name",
"name": "FL MGUARD CENTERPORT VPN-1000",
"product": {
"name": "FL MGUARD CENTERPORT VPN-1000",
"product_id": "CSAFPID-11004",
"product_identification_helper": {
"model_numbers": [
"2702820"
]
}
}
},
{
"category": "product_name",
"name": "FL MGUARD CORE TX",
"product": {
"name": "FL MGUARD CORE TX",
"product_id": "CSAFPID-11005",
"product_identification_helper": {
"model_numbers": [
"2702884"
]
}
}
},
{
"category": "product_name",
"name": "FL MGUARD CORE TX VPN",
"product": {
"name": "FL MGUARD CORE TX VPN",
"product_id": "CSAFPID-11006",
"product_identification_helper": {
"model_numbers": [
"2702831"
]
}
}
},
{
"category": "product_name",
"name": "FL MGUARD DELTA TX/TX",
"product": {
"name": "FL MGUARD DELTA TX/TX",
"product_id": "CSAFPID-11007",
"product_identification_helper": {
"model_numbers": [
"2700967"
]
}
}
},
{
"category": "product_name",
"name": "FL MGUARD DELTA TX/TX VPN",
"product": {
"name": "FL MGUARD DELTA TX/TX VPN",
"product_id": "CSAFPID-11008",
"product_identification_helper": {
"model_numbers": [
"2700968"
]
}
}
},
{
"category": "product_name",
"name": "FL MGUARD DM UNLIMITED",
"product": {
"name": "FL MGUARD DM UNLIMITED",
"product_id": "CSAFPID-11009",
"product_identification_helper": {
"model_numbers": [
"2981974"
]
}
}
},
{
"category": "product_name",
"name": "FL MGUARD GT/GT",
"product": {
"name": "FL MGUARD GT/GT",
"product_id": "CSAFPID-11010",
"product_identification_helper": {
"model_numbers": [
"2700197"
]
}
}
},
{
"category": "product_name",
"name": "FL MGUARD GT/GT VPN",
"product": {
"name": "FL MGUARD GT/GT VPN",
"product_id": "CSAFPID-11011",
"product_identification_helper": {
"model_numbers": [
"2700198"
]
}
}
},
{
"category": "product_name",
"name": "FL MGUARD PCI4000",
"product": {
"name": "FL MGUARD PCI4000",
"product_id": "CSAFPID-11012",
"product_identification_helper": {
"model_numbers": [
"2701274"
]
}
}
},
{
"category": "product_name",
"name": "FL MGUARD PCI4000 VPN",
"product": {
"name": "FL MGUARD PCI4000 VPN",
"product_id": "CSAFPID-11013",
"product_identification_helper": {
"model_numbers": [
"2701275"
]
}
}
},
{
"category": "product_name",
"name": "FL MGUARD PCI4000 VPN/K2",
"product": {
"name": "FL MGUARD PCI4000 VPN/K2",
"product_id": "CSAFPID-11014",
"product_identification_helper": {
"model_numbers": [
"1073944"
]
}
}
},
{
"category": "product_name",
"name": "FL MGUARD PCIE4000",
"product": {
"name": "FL MGUARD PCIE4000",
"product_id": "CSAFPID-11015",
"product_identification_helper": {
"model_numbers": [
"2701277"
]
}
}
},
{
"category": "product_name",
"name": "FL MGUARD PCIE4000 VPN",
"product": {
"name": "FL MGUARD PCIE4000 VPN",
"product_id": "CSAFPID-11016",
"product_identification_helper": {
"model_numbers": [
"2701278"
]
}
}
},
{
"category": "product_name",
"name": "FL MGUARD PCIE4000 VPN/K2",
"product": {
"name": "FL MGUARD PCIE4000 VPN/K2",
"product_id": "CSAFPID-11017",
"product_identification_helper": {
"model_numbers": [
"1073940"
]
}
}
},
{
"category": "product_name",
"name": "FL MGUARD RS2000 TX/TX-B",
"product": {
"name": "FL MGUARD RS2000 TX/TX-B",
"product_id": "CSAFPID-11018",
"product_identification_helper": {
"model_numbers": [
"2702139"
]
}
}
},
{
"category": "product_name",
"name": "FL MGUARD RS2000 TX/TX VPN",
"product": {
"name": "FL MGUARD RS2000 TX/TX VPN",
"product_id": "CSAFPID-11019",
"product_identification_helper": {
"model_numbers": [
"2700642"
]
}
}
},
{
"category": "product_name",
"name": "FL MGUARD RS2005 TX VPN",
"product": {
"name": "FL MGUARD RS2005 TX VPN",
"product_id": "CSAFPID-11020",
"product_identification_helper": {
"model_numbers": [
"2701875"
]
}
}
},
{
"category": "product_name",
"name": "FL MGUARD RS4000 TX/TX",
"product": {
"name": "FL MGUARD RS4000 TX/TX",
"product_id": "CSAFPID-11021",
"product_identification_helper": {
"model_numbers": [
"2700634"
]
}
}
},
{
"category": "product_name",
"name": "FL MGUARD RS4000 TX/TX-M",
"product": {
"name": "FL MGUARD RS4000 TX/TX-M",
"product_id": "CSAFPID-11022",
"product_identification_helper": {
"model_numbers": [
"2702470"
]
}
}
},
{
"category": "product_name",
"name": "FL MGUARD RS4000 TX/TX-P",
"product": {
"name": "FL MGUARD RS4000 TX/TX-P",
"product_id": "CSAFPID-11023",
"product_identification_helper": {
"model_numbers": [
"2702259"
]
}
}
},
{
"category": "product_name",
"name": "FL MGUARD RS4000 TX/TX VPN",
"product": {
"name": "FL MGUARD RS4000 TX/TX VPN",
"product_id": "CSAFPID-11024",
"product_identification_helper": {
"model_numbers": [
"2200515"
]
}
}
},
{
"category": "product_name",
"name": "FL MGUARD RS4000 TX/TX VPN/K1",
"product": {
"name": "FL MGUARD RS4000 TX/TX VPN/K1",
"product_id": "CSAFPID-11025",
"product_identification_helper": {
"model_numbers": [
"1053403"
]
}
}
},
{
"category": "product_name",
"name": "FL MGUARD RS4000 VPN/K2",
"product": {
"name": "FL MGUARD RS4000 VPN/K2",
"product_id": "CSAFPID-11026",
"product_identification_helper": {
"model_numbers": [
"1073943"
]
}
}
},
{
"category": "product_name",
"name": "FL MGUARD RS4004 TX/DTX",
"product": {
"name": "FL MGUARD RS4004 TX/DTX",
"product_id": "CSAFPID-11027",
"product_identification_helper": {
"model_numbers": [
"2701876"
]
}
}
},
{
"category": "product_name",
"name": "FL MGUARD RS4004 TX/DTX VPN",
"product": {
"name": "FL MGUARD RS4004 TX/DTX VPN",
"product_id": "CSAFPID-11028",
"product_identification_helper": {
"model_numbers": [
"2701877"
]
}
}
},
{
"category": "product_name",
"name": "FL MGUARD SMART2",
"product": {
"name": "FL MGUARD SMART2",
"product_id": "CSAFPID-11029",
"product_identification_helper": {
"model_numbers": [
"2700640"
]
}
}
},
{
"category": "product_name",
"name": "FL MGUARD SMART2 VPN",
"product": {
"name": "FL MGUARD SMART2 VPN",
"product_id": "CSAFPID-11030",
"product_identification_helper": {
"model_numbers": [
"2700639"
]
}
}
},
{
"category": "product_name",
"name": "FL MGUARD SMART2 VPN/K1",
"product": {
"name": "FL MGUARD SMART2 VPN/K1",
"product_id": "CSAFPID-11031",
"product_identification_helper": {
"model_numbers": [
"1053405"
]
}
}
},
{
"category": "product_name",
"name": "FL WLAN 1010",
"product": {
"name": "FL WLAN 1010",
"product_id": "CSAFPID-11032",
"product_identification_helper": {
"model_numbers": [
"2702899"
]
}
}
},
{
"category": "product_name",
"name": "FL WLAN 1011",
"product": {
"name": "FL WLAN 1011",
"product_id": "CSAFPID-11033",
"product_identification_helper": {
"model_numbers": [
"2702900"
]
}
}
},
{
"category": "product_name",
"name": "FL WLAN 1100",
"product": {
"name": "FL WLAN 1100",
"product_id": "CSAFPID-11034",
"product_identification_helper": {
"model_numbers": [
"2702534"
]
}
}
},
{
"category": "product_name",
"name": "FL WLAN 1101",
"product": {
"name": "FL WLAN 1101",
"product_id": "CSAFPID-11035",
"product_identification_helper": {
"model_numbers": [
"2702538"
]
}
}
},
{
"category": "product_name",
"name": "FL WLAN 2010",
"product": {
"name": "FL WLAN 2010",
"product_id": "CSAFPID-11036",
"product_identification_helper": {
"model_numbers": [
"1119246"
]
}
}
},
{
"category": "product_name",
"name": "FL WLAN 2011",
"product": {
"name": "FL WLAN 2011",
"product_id": "CSAFPID-11037",
"product_identification_helper": {
"model_numbers": [
"1119248"
]
}
}
},
{
"category": "product_name",
"name": "FL WLAN 2100",
"product": {
"name": "FL WLAN 2100",
"product_id": "CSAFPID-11038",
"product_identification_helper": {
"model_numbers": [
"2702535"
]
}
}
},
{
"category": "product_name",
"name": "FL WLAN 2101",
"product": {
"name": "FL WLAN 2101",
"product_id": "CSAFPID-11039",
"product_identification_helper": {
"model_numbers": [
"2702540"
]
}
}
},
{
"category": "product_name",
"name": "FL WLAN 5100",
"product": {
"name": "FL WLAN 5100",
"product_id": "CSAFPID-11040",
"product_identification_helper": {
"model_numbers": [
"2700718"
]
}
}
},
{
"category": "product_name",
"name": "FL WLAN 5101",
"product": {
"name": "FL WLAN 5101",
"product_id": "CSAFPID-11041",
"product_identification_helper": {
"model_numbers": [
"2701093"
]
}
}
},
{
"category": "product_name",
"name": "FL WLAN 5102",
"product": {
"name": "FL WLAN 5102",
"product_id": "CSAFPID-11042",
"product_identification_helper": {
"model_numbers": [
"2701850"
]
}
}
},
{
"category": "product_name",
"name": "FL WLAN 5110",
"product": {
"name": "FL WLAN 5110",
"product_id": "CSAFPID-11043",
"product_identification_helper": {
"model_numbers": [
"1043193"
]
}
}
},
{
"category": "product_name",
"name": "FL WLAN 5111",
"product": {
"name": "FL WLAN 5111",
"product_id": "CSAFPID-11044",
"product_identification_helper": {
"model_numbers": [
"1043201"
]
}
}
},
{
"category": "product_name",
"name": "TC MGUARD RS2000 3G VPN",
"product": {
"name": "TC MGUARD RS2000 3G VPN",
"product_id": "CSAFPID-11045",
"product_identification_helper": {
"model_numbers": [
"2903441"
]
}
}
},
{
"category": "product_name",
"name": "TC MGUARD RS2000 4G ATT VPN",
"product": {
"name": "TC MGUARD RS2000 4G ATT VPN",
"product_id": "CSAFPID-11046",
"product_identification_helper": {
"model_numbers": [
"1010464"
]
}
}
},
{
"category": "product_name",
"name": "TC MGUARD RS2000 4G VPN",
"product": {
"name": "TC MGUARD RS2000 4G VPN",
"product_id": "CSAFPID-11047",
"product_identification_helper": {
"model_numbers": [
"2903588"
]
}
}
},
{
"category": "product_name",
"name": "TC MGUARD RS2000 4G VZW VPN",
"product": {
"name": "TC MGUARD RS2000 4G VZW VPN",
"product_id": "CSAFPID-11048",
"product_identification_helper": {
"model_numbers": [
"1010462"
]
}
}
},
{
"category": "product_name",
"name": "TC MGUARD RS4000 3G VPN",
"product": {
"name": "TC MGUARD RS4000 3G VPN",
"product_id": "CSAFPID-11049",
"product_identification_helper": {
"model_numbers": [
"2903440"
]
}
}
},
{
"category": "product_name",
"name": "TC MGUARD RS4000 4G ATT VPN",
"product": {
"name": "TC MGUARD RS4000 4G ATT VPN",
"product_id": "CSAFPID-11050",
"product_identification_helper": {
"model_numbers": [
"1010463"
]
}
}
},
{
"category": "product_name",
"name": "TC MGUARD RS4000 4G VPN",
"product": {
"name": "TC MGUARD RS4000 4G VPN",
"product_id": "CSAFPID-11051",
"product_identification_helper": {
"model_numbers": [
"2903586"
]
}
}
},
{
"category": "product_name",
"name": "TC MGUARD RS4000 4G VZW VPN",
"product": {
"name": "TC MGUARD RS4000 4G VZW VPN",
"product_id": "CSAFPID-11052",
"product_identification_helper": {
"model_numbers": [
"1010461"
]
}
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.5.2",
"product": {
"name": "Firmware \u003c=1.5.2",
"product_id": "CSAFPID-21001"
}
},
{
"category": "product_version_range",
"name": "\u003c=8.8.5",
"product": {
"name": "Firmware \u003c=8.8.5",
"product_id": "CSAFPID-21002"
}
},
{
"category": "product_version_range",
"name": "\u003c=1.13.0.1",
"product": {
"name": "Firmware \u003c=1.13.0.1",
"product_id": "CSAFPID-21003"
}
},
{
"category": "product_version_range",
"name": "\u003c=2.70",
"product": {
"name": "Firmware \u003c=2.70",
"product_id": "CSAFPID-21004"
}
},
{
"category": "product_version_range",
"name": "\u003c=3.21",
"product": {
"name": "Firmware \u003c=3.21",
"product_id": "CSAFPID-21005"
}
},
{
"category": "product_version",
"name": "8.8.6.",
"product": {
"name": "Firmware 8.8.6.",
"product_id": "CSAFPID-22001"
}
},
{
"category": "product_version",
"name": "1.13.0.2",
"product": {
"name": "Firmware 1.13.0.2",
"product_id": "CSAFPID-22002"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "PHOENIX CONTACT"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030",
"CSAFPID-31031",
"CSAFPID-31032",
"CSAFPID-31033",
"CSAFPID-31034",
"CSAFPID-31035",
"CSAFPID-31036",
"CSAFPID-31037",
"CSAFPID-31038",
"CSAFPID-31039",
"CSAFPID-31040",
"CSAFPID-31041",
"CSAFPID-31042",
"CSAFPID-31043",
"CSAFPID-31044",
"CSAFPID-31045",
"CSAFPID-31046",
"CSAFPID-31047",
"CSAFPID-31048",
"CSAFPID-31049",
"CSAFPID-31050",
"CSAFPID-31051",
"CSAFPID-31052"
],
"summary": "Affected Products"
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013",
"CSAFPID-32014",
"CSAFPID-32015",
"CSAFPID-32016",
"CSAFPID-32017",
"CSAFPID-32018",
"CSAFPID-32019",
"CSAFPID-32020",
"CSAFPID-32021",
"CSAFPID-32022",
"CSAFPID-32023",
"CSAFPID-32024",
"CSAFPID-32025",
"CSAFPID-32026",
"CSAFPID-32027",
"CSAFPID-32028",
"CSAFPID-32029",
"CSAFPID-32030",
"CSAFPID-32031",
"CSAFPID-32032",
"CSAFPID-32033",
"CSAFPID-32034",
"CSAFPID-32035",
"CSAFPID-32036",
"CSAFPID-32037",
"CSAFPID-32038",
"CSAFPID-32039"
],
"summary": "Fixed Products"
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.5.2 installed on FL MGUARD 1102",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.5.2 installed on FL MGUARD 1105",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=8.8.5 installed on FL MGUARD CENTERPORT",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=8.8.5 installed on FL MGUARD CENTERPORT VPN-1000",
"product_id": "CSAFPID-31004"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=8.8.5 installed on FL MGUARD CORE TX",
"product_id": "CSAFPID-31005"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=8.8.5 installed on FL MGUARD CORE TX VPN",
"product_id": "CSAFPID-31006"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=8.8.5 installed on FL MGUARD DELTA TX/TX",
"product_id": "CSAFPID-31007"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=8.8.5 installed on FL MGUARD DELTA TX/TX VPN",
"product_id": "CSAFPID-31008"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.13.0.1 installed on FL MGUARD DM UNLIMITED",
"product_id": "CSAFPID-31009"
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=8.8.5 installed on FL MGUARD GT/GT",
"product_id": "CSAFPID-31010"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11010"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=8.8.5 installed on FL MGUARD GT/GT VPN",
"product_id": "CSAFPID-31011"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11011"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=8.8.5 installed on FL MGUARD PCI4000",
"product_id": "CSAFPID-31012"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11012"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=8.8.5 installed on FL MGUARD PCI4000 VPN",
"product_id": "CSAFPID-31013"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11013"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=8.8.5 installed on FL MGUARD PCI4000 VPN/K2",
"product_id": "CSAFPID-31014"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11014"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=8.8.5 installed on FL MGUARD PCIE4000",
"product_id": "CSAFPID-31015"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11015"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=8.8.5 installed on FL MGUARD PCIE4000 VPN",
"product_id": "CSAFPID-31016"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11016"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=8.8.5 installed on FL MGUARD PCIE4000 VPN/K2",
"product_id": "CSAFPID-31017"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11017"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=8.8.5 installed on FL MGUARD RS2000 TX/TX-B",
"product_id": "CSAFPID-31018"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11018"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=8.8.5 installed on FL MGUARD RS2000 TX/TX VPN",
"product_id": "CSAFPID-31019"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11019"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=8.8.5 installed on FL MGUARD RS2005 TX VPN",
"product_id": "CSAFPID-31020"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11020"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=8.8.5 installed on FL MGUARD RS4000 TX/TX",
"product_id": "CSAFPID-31021"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11021"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=8.8.5 installed on FL MGUARD RS4000 TX/TX-M",
"product_id": "CSAFPID-31022"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11022"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=8.8.5 installed on FL MGUARD RS4000 TX/TX-P",
"product_id": "CSAFPID-31023"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11023"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=8.8.5 installed on FL MGUARD RS4000 TX/TX VPN",
"product_id": "CSAFPID-31024"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11024"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=8.8.5 installed on FL MGUARD RS4000 TX/TX VPN/K1",
"product_id": "CSAFPID-31025"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11025"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=8.8.5 installed on FL MGUARD RS4000 VPN/K2",
"product_id": "CSAFPID-31026"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11026"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=8.8.5 installed on FL MGUARD RS4004 TX/DTX",
"product_id": "CSAFPID-31027"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11027"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=8.8.5 installed on FL MGUARD RS4004 TX/DTX VPN",
"product_id": "CSAFPID-31028"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11028"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=8.8.5 installed on FL MGUARD SMART2",
"product_id": "CSAFPID-31029"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11029"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=8.8.5 installed on FL MGUARD SMART2 VPN",
"product_id": "CSAFPID-31030"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11030"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=8.8.5 installed on FL MGUARD SMART2 VPN/K1",
"product_id": "CSAFPID-31031"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11031"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=2.70 installed on FL WLAN 1010",
"product_id": "CSAFPID-31032"
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11032"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=2.70 installed on FL WLAN 1011",
"product_id": "CSAFPID-31033"
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11033"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=2.70 installed on FL WLAN 1100",
"product_id": "CSAFPID-31034"
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11034"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=2.70 installed on FL WLAN 1101",
"product_id": "CSAFPID-31035"
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11035"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=2.70 installed on FL WLAN 2010",
"product_id": "CSAFPID-31036"
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11036"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=2.70 installed on FL WLAN 2011",
"product_id": "CSAFPID-31037"
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11037"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=2.70 installed on FL WLAN 2100",
"product_id": "CSAFPID-31038"
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11038"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=2.70 installed on FL WLAN 2101",
"product_id": "CSAFPID-31039"
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11039"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=3.21 installed on FL WLAN 5100",
"product_id": "CSAFPID-31040"
},
"product_reference": "CSAFPID-21005",
"relates_to_product_reference": "CSAFPID-11040"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=3.21 installed on FL WLAN 5101",
"product_id": "CSAFPID-31041"
},
"product_reference": "CSAFPID-21005",
"relates_to_product_reference": "CSAFPID-11041"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=3.21 installed on FL WLAN 5102",
"product_id": "CSAFPID-31042"
},
"product_reference": "CSAFPID-21005",
"relates_to_product_reference": "CSAFPID-11042"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=3.21 installed on FL WLAN 5110",
"product_id": "CSAFPID-31043"
},
"product_reference": "CSAFPID-21005",
"relates_to_product_reference": "CSAFPID-11043"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=3.21 installed on FL WLAN 5111",
"product_id": "CSAFPID-31044"
},
"product_reference": "CSAFPID-21005",
"relates_to_product_reference": "CSAFPID-11044"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=8.8.5 installed on TC MGUARD RS2000 3G VPN",
"product_id": "CSAFPID-31045"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11045"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=8.8.5 installed on TC MGUARD RS2000 4G ATT VPN",
"product_id": "CSAFPID-31046"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11046"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=8.8.5 installed on TC MGUARD RS2000 4G VPN",
"product_id": "CSAFPID-31047"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11047"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=8.8.5 installed on TC MGUARD RS2000 4G VZW VPN",
"product_id": "CSAFPID-31048"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11048"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=8.8.5 installed on TC MGUARD RS4000 3G VPN",
"product_id": "CSAFPID-31049"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11049"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=8.8.5 installed on TC MGUARD RS4000 4G ATT VPN",
"product_id": "CSAFPID-31050"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11050"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=8.8.5 installed on TC MGUARD RS4000 4G VPN",
"product_id": "CSAFPID-31051"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11051"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=8.8.5 installed on TC MGUARD RS4000 4G VZW VPN",
"product_id": "CSAFPID-31052"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11052"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 8.8.6. installed on FL MGUARD 1102",
"product_id": "CSAFPID-32001"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 8.8.6. installed on FL MGUARD 1105",
"product_id": "CSAFPID-32002"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 8.8.6. installed on FL MGUARD CENTERPORT",
"product_id": "CSAFPID-32003"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 8.8.6. installed on FL MGUARD CENTERPORT VPN-1000",
"product_id": "CSAFPID-32004"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 8.8.6. installed on FL MGUARD CORE TX",
"product_id": "CSAFPID-32005"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 8.8.6. installed on FL MGUARD CORE TX VPN",
"product_id": "CSAFPID-32006"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 8.8.6. installed on FL MGUARD DELTA TX/TX",
"product_id": "CSAFPID-32007"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 8.8.6. installed on FL MGUARD DELTA TX/TX VPN",
"product_id": "CSAFPID-32008"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.13.0.2 installed on FL MGUARD DM UNLIMITED",
"product_id": "CSAFPID-32009"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 8.8.6. installed on FL MGUARD GT/GT",
"product_id": "CSAFPID-32010"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11010"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 8.8.6. installed on FL MGUARD GT/GT VPN",
"product_id": "CSAFPID-32011"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11011"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 8.8.6. installed on FL MGUARD PCI4000",
"product_id": "CSAFPID-32012"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11012"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 8.8.6. installed on FL MGUARD PCI4000 VPN",
"product_id": "CSAFPID-32013"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11013"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 8.8.6. installed on FL MGUARD PCI4000 VPN/K2",
"product_id": "CSAFPID-32014"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11014"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 8.8.6. installed on FL MGUARD PCIE4000",
"product_id": "CSAFPID-32015"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11015"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 8.8.6. installed on FL MGUARD PCIE4000 VPN",
"product_id": "CSAFPID-32016"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11016"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 8.8.6. installed on FL MGUARD PCIE4000 VPN/K2",
"product_id": "CSAFPID-32017"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11017"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 8.8.6. installed on FL MGUARD RS2000 TX/TX-B",
"product_id": "CSAFPID-32018"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11018"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 8.8.6. installed on FL MGUARD RS2000 TX/TX VPN",
"product_id": "CSAFPID-32019"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11019"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 8.8.6. installed on FL MGUARD RS2005 TX VPN",
"product_id": "CSAFPID-32020"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11020"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 8.8.6. installed on FL MGUARD RS4000 TX/TX",
"product_id": "CSAFPID-32021"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11021"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 8.8.6. installed on FL MGUARD RS4000 TX/TX-M",
"product_id": "CSAFPID-32022"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11022"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 8.8.6. installed on FL MGUARD RS4000 TX/TX-P",
"product_id": "CSAFPID-32023"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11023"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 8.8.6. installed on FL MGUARD RS4000 TX/TX VPN",
"product_id": "CSAFPID-32024"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11024"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 8.8.6. installed on FL MGUARD RS4000 TX/TX VPN/K1",
"product_id": "CSAFPID-32025"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11025"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 8.8.6. installed on FL MGUARD RS4000 VPN/K2",
"product_id": "CSAFPID-32026"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11026"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 8.8.6. installed on FL MGUARD RS4004 TX/DTX",
"product_id": "CSAFPID-32027"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11027"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 8.8.6. installed on FL MGUARD RS4004 TX/DTX VPN",
"product_id": "CSAFPID-32028"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11028"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 8.8.6. installed on FL MGUARD SMART2",
"product_id": "CSAFPID-32029"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11029"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 8.8.6. installed on FL MGUARD SMART2 VPN",
"product_id": "CSAFPID-32030"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11030"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 8.8.6. installed on FL MGUARD SMART2 VPN/K1",
"product_id": "CSAFPID-32031"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11031"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 8.8.6. installed on TC MGUARD RS2000 3G VPN",
"product_id": "CSAFPID-32032"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11045"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 8.8.6. installed on TC MGUARD RS2000 4G ATT VPN",
"product_id": "CSAFPID-32033"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11046"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 8.8.6. installed on TC MGUARD RS2000 4G VPN",
"product_id": "CSAFPID-32034"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11047"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 8.8.6. installed on TC MGUARD RS2000 4G VZW VPN",
"product_id": "CSAFPID-32035"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11048"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 8.8.6. installed on TC MGUARD RS4000 3G VPN",
"product_id": "CSAFPID-32036"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11049"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 8.8.6. installed on TC MGUARD RS4000 4G ATT VPN",
"product_id": "CSAFPID-32037"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11050"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 8.8.6. installed on TC MGUARD RS4000 4G VPN",
"product_id": "CSAFPID-32038"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11051"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 8.8.6. installed on TC MGUARD RS4000 4G VZW VPN",
"product_id": "CSAFPID-32039"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11052"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-0778",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "description",
"text": "The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013",
"CSAFPID-32014",
"CSAFPID-32015",
"CSAFPID-32016",
"CSAFPID-32017",
"CSAFPID-32018",
"CSAFPID-32019",
"CSAFPID-32020",
"CSAFPID-32021",
"CSAFPID-32022",
"CSAFPID-32023",
"CSAFPID-32024",
"CSAFPID-32025",
"CSAFPID-32026",
"CSAFPID-32027",
"CSAFPID-32028",
"CSAFPID-32029",
"CSAFPID-32030",
"CSAFPID-32031",
"CSAFPID-32032",
"CSAFPID-32033",
"CSAFPID-32034",
"CSAFPID-32035",
"CSAFPID-32036",
"CSAFPID-32037",
"CSAFPID-32038",
"CSAFPID-32039"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030",
"CSAFPID-31031",
"CSAFPID-31032",
"CSAFPID-31033",
"CSAFPID-31034",
"CSAFPID-31035",
"CSAFPID-31036",
"CSAFPID-31037",
"CSAFPID-31038",
"CSAFPID-31039",
"CSAFPID-31040",
"CSAFPID-31041",
"CSAFPID-31042",
"CSAFPID-31043",
"CSAFPID-31044",
"CSAFPID-31045",
"CSAFPID-31046",
"CSAFPID-31047",
"CSAFPID-31048",
"CSAFPID-31049",
"CSAFPID-31050",
"CSAFPID-31051",
"CSAFPID-31052"
]
},
"remediations": [
{
"category": "mitigation",
"details": "To reduce the possibility of an attack, affected functionality could be deactivated or used only in a way that it is not exposed on untrusted interfaces.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "This vulnerability is fixed in firmware version 8.8.6. We strongly recommend all affected FL MGUARD and TC MGUARD users to upgrade to this or a later version.\n\nPHOENIX CONTACT strongly recommends upgrading FL MGUARD DM UNLIMITED to version 1.13.0.2 or higher, which fixes this vulnerability.\n\nFor FL WLAN devices the vulnerability will be fixed in the next regular release. A release date is not yet defined.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030",
"CSAFPID-31031",
"CSAFPID-31032",
"CSAFPID-31033",
"CSAFPID-31034",
"CSAFPID-31035",
"CSAFPID-31036",
"CSAFPID-31037",
"CSAFPID-31038",
"CSAFPID-31039",
"CSAFPID-31040",
"CSAFPID-31041",
"CSAFPID-31042",
"CSAFPID-31043",
"CSAFPID-31044",
"CSAFPID-31045",
"CSAFPID-31046",
"CSAFPID-31047",
"CSAFPID-31048",
"CSAFPID-31049",
"CSAFPID-31050",
"CSAFPID-31051",
"CSAFPID-31052"
]
}
],
"title": "CVE-2022-0778"
}
]
}
VDE-2022-046
Vulnerability from csaf_phoenixcontactgmbhcokg - Published: 2022-11-10 07:00 - Updated: 2025-05-22 13:03Summary
PHOENIX CONTACT: Multiple Linux component vulnerabilities in PLCnext Firmware
Notes
Summary: UPDATE A: Two devices (ENERGY AXC PU, SMARTRTU AXC SG) added (24.11.2022) Update for PLCnext Firmware containing fixes for recent vulnerability findings in Linux components and security enhancements. PLCnext Control AXC F x152 is certified according to IEC 62443-4-1 and IEC 62443-4-2. This certification requires that all third-party components used in the firmware are regularly checked for known vulnerabilities.
Impact: Availability, integrity, or confidentiality of the PLCnext Control might be compromised by attacks using these vulnerabilities.
Mitigation: Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Remediation: Update to the latest LTS Firmware Release.
Update to the latest LTS PLCnext Engineer Release.
Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.
6.5 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.
7.5 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors.
8.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.
9.8 (Critical)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774.
5.5 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Use After Free in GitHub repository vim/vim prior to 8.2.4979.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.
6.5 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
The OPC autogenerated ANSI C stack stubs (in the NodeSets) do not handle all error cases. This can lead to a NULL pointer dereference.
6.5 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities are capable of crashing software, modify memory, and possible remote execution
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
9.8 (Critical)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.
9.8 (Critical)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input.
7.5 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows attackers to cause a denial of service (application crash) via a crafted input.
5.5 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975.
5.5 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Use After Free in GitHub repository vim/vim prior to 8.2.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
7.5 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).
8.1 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when '--no-clobber' is used together with '--remove-on-error'.
8.1 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. curl's "cookie engine" can bebuilt with or without [Public Suffix List](https://publicsuffix.org/)awareness. If PSL support not provided, a more rudimentary check exists to atleast prevent cookies from being set on TLDs. This check was broken if thehost name in the URL uses a trailing dot.This can allow arbitrary sites to set cookies that then would get sent to adifferent and unrelated site or domain.
5.3 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily.
7.5 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.
5.7 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.
7.5 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
9.8 (Critical)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.
6.5 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. This mechanism could be bypassed if the host name in the given URL used atrailing dot while not using one when it built the HSTS cache. Or the otherway around - by having the trailing dot in the HSTS cache and *not* using thetrailing dot in the URL.
4.3 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later retrieved.For example, a URL like 'http://example.com%2F127.0.0.1/', would be allowed bythe parser and get transposed into 'http://example.com/127.0.0.1/'. This flawcan be used to circumvent filters, checks and more.
7.5 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
libcurl provides the 'CURLOPT_CERTINFO' option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation.
7.5 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.
7.5 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.
9.8 (Critical)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.
6.5 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.
5.9 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
A malicious server can serve excessive amounts of 'Set-Cookie:' headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept, match and haven't expired. Due to cookie matching rules, a server on 'foo.example.com' can set cookies that also would match for 'bar.example.com', making it it possible for a "sister server" to effectively cause a denial of service for a sibling site on the same second level domain using this method.
4.3 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.
7.5 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.
8.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440.
8.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428.
5.5 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436.
5.5 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
vim is vulnerable to Heap-based Buffer Overflow
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
vim is vulnerable to Use After Free
7.3 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
vim is vulnerable to Out-of-bounds Read
7.1 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Buffer Over-read in GitHub repository vim/vim prior to 8.2.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Buffer Over-read in GitHub repository vim/vim prior to 8.2.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).
7.5 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Use After Free in GitHub repository vim/vim prior to 9.0.0046.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.
5.5 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.
5.5 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
7.1 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Use After Free in GitHub repository vim/vim prior to 9.0.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
An infinite loop in OPC UA .NET Standard Stack 1.04.368 allows a remote attackers to cause the application to hang via a crafted message.
7.5 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to cause a server to crash via a large number of messages that trigger Uncontrolled Resource Consumption.
7.5 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
References
4 references
Acknowledgments
CERT@VDE
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "UPDATE A: Two devices (ENERGY AXC PU, SMARTRTU AXC SG) added (24.11.2022) Update for PLCnext Firmware containing fixes for recent vulnerability findings in Linux components and security enhancements. PLCnext Control AXC F x152 is certified according to IEC 62443-4-1 and IEC 62443-4-2. This certification requires that all third-party components used in the firmware are regularly checked for known vulnerabilities.",
"title": "Summary"
},
{
"category": "description",
"text": "Availability, integrity, or confidentiality of the PLCnext Control might be compromised by attacks using these vulnerabilities.",
"title": "Impact"
},
{
"category": "description",
"text": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"title": "Mitigation"
},
{
"category": "description",
"text": "Update to the latest LTS Firmware Release.\nUpdate to the latest LTS PLCnext Engineer Release.\n\nPlease check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@phoenixcontact.com",
"name": "Phoenix Contact GmbH \u0026 Co. KG",
"namespace": "https://phoenixcontact.com/psirt"
},
"references": [
{
"category": "external",
"summary": "PHOENIX CONTACT PSIRT ",
"url": "https://phoenixcontact.com/psirt"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for PHOENIX CONTACT",
"url": "https://certvde.com/en/advisories/vendor/phoenixcontact/"
},
{
"category": "self",
"summary": "VDE-2022-046: PHOENIX CONTACT: Multiple Linux component vulnerabilities in PLCnext Firmware - HTML",
"url": "https://certvde.com/en/advisories/VDE-2022-046/"
},
{
"category": "self",
"summary": "VDE-2022-046: PHOENIX CONTACT: Multiple Linux component vulnerabilities in PLCnext Firmware - CSAF",
"url": "https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2022/vde-2022-046.json"
}
],
"title": "PHOENIX CONTACT: Multiple Linux component vulnerabilities in PLCnext Firmware",
"tracking": {
"aliases": [
"VDE-2022-046"
],
"current_release_date": "2025-05-22T13:03:10.000Z",
"generator": {
"date": "2025-04-01T06:22:01.779Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.22"
}
},
"id": "VDE-2022-046",
"initial_release_date": "2022-11-10T07:00:00.000Z",
"revision_history": [
{
"date": "2022-10-11T06:00:00.000Z",
"number": "1",
"summary": "Initial revision."
},
{
"date": "2022-11-24T07:51:00.000Z",
"number": "2",
"summary": "Update A"
},
{
"date": "2025-05-22T13:03:10.000Z",
"number": "3",
"summary": "Fix: quotation mark"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "AXC F 1152",
"product": {
"name": "AXC F 1152",
"product_id": "CSAFPID-11001",
"product_identification_helper": {
"model_numbers": [
"1151412"
]
}
}
},
{
"category": "product_name",
"name": "AXC F 2152",
"product": {
"name": "AXC F 2152",
"product_id": "CSAFPID-11002",
"product_identification_helper": {
"model_numbers": [
"2404267"
]
}
}
},
{
"category": "product_name",
"name": "AXC F 3152",
"product": {
"name": "AXC F 3152",
"product_id": "CSAFPID-11003",
"product_identification_helper": {
"model_numbers": [
"1069208"
]
}
}
},
{
"category": "product_name",
"name": "BPC 9102S",
"product": {
"name": "BPC 9102S",
"product_id": "CSAFPID-11004",
"product_identification_helper": {
"model_numbers": [
"1246285"
]
}
}
},
{
"category": "product_name",
"name": "ENERGY AXC PU",
"product": {
"name": "ENERGY AXC PU",
"product_id": "CSAFPID-11005",
"product_identification_helper": {
"model_numbers": [
"1264327"
]
}
}
},
{
"category": "product_name",
"name": "EPC 1502",
"product": {
"name": "EPC 1502",
"product_id": "CSAFPID-11006",
"product_identification_helper": {
"model_numbers": [
"1185416"
]
}
}
},
{
"category": "product_name",
"name": "EPC 1522",
"product": {
"name": "EPC 1522",
"product_id": "CSAFPID-11007",
"product_identification_helper": {
"model_numbers": [
"1185423"
]
}
}
},
{
"category": "product_name",
"name": "RFC 4072S",
"product": {
"name": "RFC 4072S",
"product_id": "CSAFPID-11008",
"product_identification_helper": {
"model_numbers": [
"1051328"
]
}
}
},
{
"category": "product_name",
"name": "SMARTRTU AXC SG",
"product": {
"name": "SMARTRTU AXC SG",
"product_id": "CSAFPID-11009",
"product_identification_helper": {
"model_numbers": [
"1110435"
]
}
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2022.0.8 LTS",
"product": {
"name": "Firmware \u003c2022.0.8 LTS",
"product_id": "CSAFPID-21001"
}
},
{
"category": "product_version_range",
"name": "\u003cV04.14.00.00",
"product": {
"name": "Firmware \u003cV04.14.00.00",
"product_id": "CSAFPID-21002"
}
},
{
"category": "product_version_range",
"name": "\u003c2022.0.7 LTS",
"product": {
"name": "Firmware \u003c2022.0.7 LTS",
"product_id": "CSAFPID-21003"
}
},
{
"category": "product_version_range",
"name": "\u003cV01.09.00.00",
"product": {
"name": "Firmware \u003cV01.09.00.00",
"product_id": "CSAFPID-21004"
}
},
{
"category": "product_version",
"name": "2022.0.8 LTS",
"product": {
"name": "Firmware 2022.0.8 LTS",
"product_id": "CSAFPID-22001"
}
},
{
"category": "product_version",
"name": "V04.14.00.00",
"product": {
"name": "Firmware V04.14.00.00",
"product_id": "CSAFPID-22002"
}
},
{
"category": "product_version",
"name": "2022.0.7 LTS",
"product": {
"name": "Firmware 2022.0.7 LTS",
"product_id": "CSAFPID-22003"
}
},
{
"category": "product_version",
"name": "V01.09.00.00",
"product": {
"name": "Firmware V01.09.00.00",
"product_id": "CSAFPID-22004"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "PHOENIX CONTACT"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
],
"summary": "Affected Products."
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"summary": "Fixed Products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2022.0.8 LTS installed on AXC F 1152",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2022.0.8 LTS installed on AXC F 1152",
"product_id": "CSAFPID-32001"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2022.0.8 LTS installed on AXC F 2152",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2022.0.8 LTS installed on AXC F 2152",
"product_id": "CSAFPID-32002"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2022.0.8 LTS installed on AXC F 3152",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2022.0.8 LTS installed on AXC F 3152",
"product_id": "CSAFPID-32003"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2022.0.8 LTS installed on BPC 9102S",
"product_id": "CSAFPID-31004"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2022.0.8 LTS installed on BPC 9102S",
"product_id": "CSAFPID-32004"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003cV04.14.00.00 installed on ENERGY AXC PU",
"product_id": "CSAFPID-31005"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V04.14.00.00 installed on ENERGY AXC PU",
"product_id": "CSAFPID-32005"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2022.0.7 LTS installed on EPC 1502",
"product_id": "CSAFPID-31006"
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2022.0.7 LTS installed on EPC 1502",
"product_id": "CSAFPID-32006"
},
"product_reference": "CSAFPID-22003",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2022.0.7 LTS installed on EPC 1522",
"product_id": "CSAFPID-31007"
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2022.0.7 LTS installed on EPC 1522",
"product_id": "CSAFPID-32007"
},
"product_reference": "CSAFPID-22003",
"relates_to_product_reference": "CSAFPID-11007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2022.0.8 LTS installed on RFC 4072S",
"product_id": "CSAFPID-31008"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2022.0.8 LTS installed on RFC 4072S",
"product_id": "CSAFPID-32008"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003cV01.09.00.00 installed on SMARTRTU AXC SG",
"product_id": "CSAFPID-31009"
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V01.09.00.00 installed on SMARTRTU AXC SG",
"product_id": "CSAFPID-32009"
},
"product_reference": "CSAFPID-22004",
"relates_to_product_reference": "CSAFPID-11009"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-29824",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "description",
"text": "In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don\u0027t check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2\u0027s buffer functions, for example libxslt through 1.1.35, is affected as well.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-29824"
},
{
"cve": "CVE-2022-23308",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-23308"
},
{
"cve": "CVE-2022-28391",
"notes": [
{
"category": "description",
"text": "BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record\u0027s value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal\u0027s colors.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-28391"
},
{
"cve": "CVE-2022-0547",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "description",
"text": "OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-0547"
},
{
"cve": "CVE-2022-1381",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1381"
},
{
"cve": "CVE-2022-1420",
"cwe": {
"id": "CWE-823",
"name": "Use of Out-of-range Pointer Offset"
},
"notes": [
{
"category": "description",
"text": "Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1420"
},
{
"cve": "CVE-2022-1733",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1733"
},
{
"cve": "CVE-2022-1796",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "Use After Free in GitHub repository vim/vim prior to 8.2.4979.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1796"
},
{
"cve": "CVE-2022-1621",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1621"
},
{
"cve": "CVE-2022-1616",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1616"
},
{
"cve": "CVE-2022-25313",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "description",
"text": "In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-25313"
},
{
"cve": "CVE-2021-45117",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "The OPC autogenerated ANSI C stack stubs (in the NodeSets) do not handle all error cases. This can lead to a NULL pointer dereference.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2021-45117"
},
{
"cve": "CVE-2022-1619",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities are capable of crashing software, modify memory, and possible remote execution",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1619"
},
{
"cve": "CVE-2022-25235",
"cwe": {
"id": "CWE-116",
"name": "Improper Encoding or Escaping of Output"
},
"notes": [
{
"category": "description",
"text": "xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-25235"
},
{
"cve": "CVE-2022-25236",
"cwe": {
"id": "CWE-668",
"name": "Exposure of Resource to Wrong Sphere"
},
"notes": [
{
"category": "description",
"text": "xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-25236"
},
{
"cve": "CVE-2022-1629",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"notes": [
{
"category": "description",
"text": "Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1629"
},
{
"cve": "CVE-2022-1735",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "description",
"text": "Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1735"
},
{
"cve": "CVE-2022-1769",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"notes": [
{
"category": "description",
"text": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1769"
},
{
"cve": "CVE-2022-1785",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1785"
},
{
"cve": "CVE-2022-1620",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1620"
},
{
"cve": "CVE-2022-1674",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows attackers to cause a denial of service (application crash) via a crafted input.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1674"
},
{
"cve": "CVE-2022-1771",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "description",
"text": "Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1771"
},
{
"cve": "CVE-2022-1886",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1886"
},
{
"cve": "CVE-2022-1851",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1851"
},
{
"cve": "CVE-2022-1898",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "Use After Free in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1898"
},
{
"cve": "CVE-2022-1720",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"notes": [
{
"category": "description",
"text": "Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1720"
},
{
"cve": "CVE-2018-25032",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2018-25032"
},
{
"cve": "CVE-2022-22576",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"notes": [
{
"category": "description",
"text": "An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.1,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 8.1,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-22576"
},
{
"cve": "CVE-2022-27778",
"cwe": {
"id": "CWE-706",
"name": "Use of Incorrectly-Resolved Name or Reference"
},
"notes": [
{
"category": "description",
"text": "A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when \u0027--no-clobber\u0027 is used together with \u0027--remove-on-error\u0027.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 8.1,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 8.1,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-27778"
},
{
"cve": "CVE-2022-27779",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"notes": [
{
"category": "description",
"text": "libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. curl\u0027s \"cookie engine\" can bebuilt with or without [Public Suffix List](https://publicsuffix.org/)awareness. If PSL support not provided, a more rudimentary check exists to atleast prevent cookies from being set on TLDs. This check was broken if thehost name in the URL uses a trailing dot.This can allow arbitrary sites to set cookies that then would get sent to adifferent and unrelated site or domain.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-27779"
},
{
"cve": "CVE-2022-27782",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "description",
"text": "libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-27782"
},
{
"cve": "CVE-2022-27774",
"cwe": {
"id": "CWE-522",
"name": "Insufficiently Protected Credentials"
},
"notes": [
{
"category": "description",
"text": "An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 5.7,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 5.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-27774"
},
{
"cve": "CVE-2022-25314",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "description",
"text": "In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-25314"
},
{
"cve": "CVE-2022-25315",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "description",
"text": "In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-25315"
},
{
"cve": "CVE-2022-27776",
"cwe": {
"id": "CWE-522",
"name": "Insufficiently Protected Credentials"
},
"notes": [
{
"category": "description",
"text": "A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-27776"
},
{
"cve": "CVE-2022-30115",
"cwe": {
"id": "CWE-319",
"name": "Cleartext Transmission of Sensitive Information"
},
"notes": [
{
"category": "description",
"text": "Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. This mechanism could be bypassed if the host name in the given URL used atrailing dot while not using one when it built the HSTS cache. Or the otherway around - by having the trailing dot in the HSTS cache and *not* using thetrailing dot in the URL.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 4.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 4.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-30115"
},
{
"cve": "CVE-2022-27780",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"notes": [
{
"category": "description",
"text": "The curl URL parser wrongly accepts percent-encoded URL separators like \u0027/\u0027when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later retrieved.For example, a URL like \u0027http://example.com%2F127.0.0.1/\u0027, would be allowed bythe parser and get transposed into \u0027http://example.com/127.0.0.1/\u0027. This flawcan be used to circumvent filters, checks and more.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-27780"
},
{
"cve": "CVE-2022-27781",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "description",
"text": "libcurl provides the \u0027CURLOPT_CERTINFO\u0027 option to allow applications torequest details to be returned about a server\u0027s certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-27781"
},
{
"cve": "CVE-2022-27775",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "description",
"text": "An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-27775"
},
{
"cve": "CVE-2022-32207",
"cwe": {
"id": "CWE-276",
"name": "Incorrect Default Permissions"
},
"notes": [
{
"category": "description",
"text": "When curl \u003c 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-32207"
},
{
"cve": "CVE-2022-32206",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "description",
"text": "curl \u003c 7.84.0 supports \"chained\" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable \"links\" in this \"decompression chain\" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a \"malloc bomb\", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-32206"
},
{
"cve": "CVE-2022-32208",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "When curl \u003c 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 5.9,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.9,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-32208"
},
{
"cve": "CVE-2022-32205",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "description",
"text": "A malicious server can serve excessive amounts of \u0027Set-Cookie:\u0027 headers in a HTTP response to curl and curl \u003c 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept, match and haven\u0027t expired. Due to cookie matching rules, a server on \u0027foo.example.com\u0027 can set cookies that also would match for \u0027bar.example.com\u0027, making it it possible for a \"sister server\" to effectively cause a denial of service for a sibling site on the same second level domain using this method.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 4.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 4.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-32205"
},
{
"cve": "CVE-2019-19906",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2019-19906"
},
{
"cve": "CVE-2022-24407",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"notes": [
{
"category": "description",
"text": "In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-24407"
},
{
"cve": "CVE-2022-1154",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1154"
},
{
"cve": "CVE-2022-0943",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-0943"
},
{
"cve": "CVE-2022-1160",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1160"
},
{
"cve": "CVE-2022-0729",
"cwe": {
"id": "CWE-823",
"name": "Use of Out-of-range Pointer Offset"
},
"notes": [
{
"category": "description",
"text": "Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-0729"
},
{
"cve": "CVE-2022-0572",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-0572"
},
{
"cve": "CVE-2022-0696",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-0696"
},
{
"cve": "CVE-2022-0685",
"cwe": {
"id": "CWE-823",
"name": "Use of Out-of-range Pointer Offset"
},
"notes": [
{
"category": "description",
"text": "Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-0685"
},
{
"cve": "CVE-2022-0714",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-0714"
},
{
"cve": "CVE-2022-0361",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-0361"
},
{
"cve": "CVE-2022-0368",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-0368"
},
{
"cve": "CVE-2021-3973",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "vim is vulnerable to Heap-based Buffer Overflow",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2021-3973"
},
{
"cve": "CVE-2021-3796",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "vim is vulnerable to Use After Free",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.3,
"environmentalSeverity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.3,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2021-3796"
},
{
"cve": "CVE-2021-4166",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "vim is vulnerable to Out-of-bounds Read",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.1,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.1,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2021-4166"
},
{
"cve": "CVE-2022-1927",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"notes": [
{
"category": "description",
"text": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1927"
},
{
"cve": "CVE-2022-1942",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1942"
},
{
"cve": "CVE-2022-2129",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-2129"
},
{
"cve": "CVE-2022-2175",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-2175"
},
{
"cve": "CVE-2022-2182",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-2182"
},
{
"cve": "CVE-2022-0778",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "description",
"text": "The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-0778"
},
{
"cve": "CVE-2022-2183",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-2183"
},
{
"cve": "CVE-2022-2343",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-2343"
},
{
"cve": "CVE-2022-2207",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-2207"
},
{
"cve": "CVE-2022-2210",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-2210"
},
{
"cve": "CVE-2022-2344",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-2344"
},
{
"cve": "CVE-2022-2345",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "Use After Free in GitHub repository vim/vim prior to 9.0.0046.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-2345"
},
{
"cve": "CVE-2022-2208",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-2208"
},
{
"cve": "CVE-2022-2231",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-2231"
},
{
"cve": "CVE-2022-2287",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.1,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.1,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-2287"
},
{
"cve": "CVE-2022-2285",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "description",
"text": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-2285"
},
{
"cve": "CVE-2022-2284",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-2284"
},
{
"cve": "CVE-2022-2286",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-2286"
},
{
"cve": "CVE-2022-2289",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "Use After Free in GitHub repository vim/vim prior to 9.0.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-2289"
},
{
"cve": "CVE-2022-2288",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-2288"
},
{
"cve": "CVE-2022-2264",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-2264"
},
{
"cve": "CVE-2022-2206",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-2206"
},
{
"cve": "CVE-2022-2257",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-2257"
},
{
"cve": "CVE-2022-29862",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "description",
"text": "An infinite loop in OPC UA .NET Standard Stack 1.04.368 allows a remote attackers to cause the application to hang via a crafted message.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-29862"
},
{
"cve": "CVE-2022-29864",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "description",
"text": "OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to cause a server to crash via a large number of messages that trigger Uncontrolled Resource Consumption.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-29864"
}
]
}
WID-SEC-W-2022-0065
Vulnerability from csaf_certbund - Published: 2022-03-15 23:00 - Updated: 2025-10-20 22:00Summary
OpenSSL: Schwachstelle ermöglicht Denial of Service
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: OpenSSL ist eine im Quelltext frei verfügbare Bibliothek, die Secure Sockets Layer (SSL) und Transport Layer Security (TLS) implementiert.
Angriff: Ein entfernter, anonymer Angreifer kann eine Schwachstelle in OpenSSL ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme: - Appliance
- Hardware Appliance
- Linux
- NetApp Appliance
- UNIX
Affected products
Known affected
103 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Unify OpenScape Contact Center
Unify
|
cpe:/a:unify:openscape_contact_center:-
|
— | |
|
Unify OpenScape Voice
Unify
|
cpe:/a:unify:openscape_voice:-
|
— | |
|
Juniper Junos Space <22.2R1
Juniper / Junos Space
|
<22.2R1 | ||
|
Unify OpenScape SBC
Unify
|
cpe:/a:unify:openscape_sbc:-
|
— | |
|
IBM Security Verify Access 10.0.0.0-10.0.6.1
IBM / Security Verify Access
|
cpe:/a:ibm:security_verify_access:10.0.0.0_-_10.0.6.1
|
10.0.0.0-10.0.6.1 | |
|
Broadcom Brocade Switch
Broadcom
|
cpe:/h:brocade:switch:-
|
— | |
|
IBM Rational Build Forge <8.0.0.24
IBM / Rational Build Forge
|
<8.0.0.24 | ||
|
Palo Alto Networks PAN-OS
Palo Alto Networks
|
cpe:/o:paloaltonetworks:pan-os:-
|
— | |
|
IBM Spectrum Protect
IBM
|
cpe:/a:ibm:spectrum_protect:-
|
— | |
|
genua genuscreen <8.0p3
genua / genuscreen
|
<8.0p3 | ||
|
genua genuscreen <7.6p6
genua / genuscreen
|
<7.6p6 | ||
|
genua genugate <9.0p24
genua / genugate
|
<9.0p24 | ||
|
Ubuntu Linux
Ubuntu / Linux
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Juniper JUNOS
Juniper / JUNOS
|
cpe:/o:juniper:junos:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Checkmk Checkmk <2.1.0b3
tribe29 / checkmk
|
<2.1.0b3 | ||
|
Siemens SIMATIC S7
Siemens
|
cpe:/h:siemens:simatic_s7:-
|
— | |
|
SonicWall SonicOS
SonicWall
|
cpe:/o:sonicwall:sonicos:-
|
— | |
|
HPE Switch
HPE
|
cpe:/h:hp:switch:-
|
— | |
|
WatchGuard Firebox <12.8 Update 1
WatchGuard / Firebox
|
<12.8 Update 1 | ||
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Dell NetWorker <19.10
Dell / NetWorker
|
<19.10 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
NetApp AFF
NetApp
|
cpe:/h:netapp:aff:-
|
— | |
|
Aruba ClearPass Policy Manager
Aruba
|
cpe:/a:arubanetworks:clearpass_policy_manager:-
|
— | |
|
SolarWinds Orion
SolarWinds
|
cpe:/a:solarwinds:orion_core_services:-
|
— | |
|
IBM Security Identity Manager 10.0.1.0
IBM / Security Identity Manager
|
cpe:/a:ibm:security_identity_manager:10.0.1.0
|
10.0.1.0 | |
|
genua genugate <10.0p7
genua / genugate
|
<10.0p7 | ||
|
Hitachi Energy RTU500
Hitachi Energy
|
cpe:/h:abb:rtu500:-
|
— | |
|
genua genugate <10.3p3
genua / genugate
|
<10.3p3 | ||
|
NetApp StorageGRID
NetApp
|
cpe:/a:netapp:storagegrid:-
|
— | |
|
genua genugate <10.2p6
genua / genugate
|
<10.2p6 | ||
|
HPE ProLiant
HPE
|
cpe:/h:hp:proliant:-
|
— | |
|
Fortinet FortiAuthenticator
Fortinet
|
cpe:/a:fortinet:fortiauthenticator:-
|
— | |
|
NetApp FAS
NetApp
|
cpe:/h:netapp:fas:-
|
— | |
|
Synology DiskStation Manager
Synology
|
cpe:/a:synology:diskstation_manager:-
|
— | |
|
Fortinet FortiMail
Fortinet
|
cpe:/a:fortinet:fortimail:-
|
— | |
|
Fortinet FortiSwitch
Fortinet
|
cpe:/h:fortinet:fortiswitch:-
|
— | |
|
Meinberg LANTIME <V6.24.030
Meinberg / LANTIME
|
<V6.24.030 | ||
|
Unify OpenScape Accouting
Unify
|
cpe:/a:unify:openscape_accounting:-
|
— | |
|
Unify OpenScape Concierge
Unify
|
cpe:/a:unify:openscape_concierge:-
|
— | |
|
SolarWinds Platform <2025.4
SolarWinds / Platform
|
<2025.4 | ||
|
Meinberg LANTIME <V7.04.015
Meinberg / LANTIME
|
<V7.04.015 | ||
|
Tenable Security Nessus
Tenable Security
|
cpe:/a:tenable:nessus:-
|
— | |
|
Checkmk Checkmk <2.2.0i1
tribe29 / checkmk
|
<2.2.0i1 | ||
|
Fortinet FortiOS
Fortinet
|
cpe:/o:fortinet:fortios:-
|
— | |
|
Aruba Switch
Aruba
|
cpe:/h:arubanetworks:switch:-
|
— | |
|
Pulse Secure Pulse Connect Secure
Pulse Secure
|
cpe:/a:pulsesecure:pulse_connect_secure:8.0
|
— | |
|
QNAP NAS
QNAP
|
cpe:/h:qnap:nas:-
|
— | |
|
HPE NonStop Server
HPE
|
cpe:/h:hp:nonstop_server:-
|
— | |
|
Siemens SIMATIC WinCC
Siemens
|
cpe:/a:siemens:simatic_wincc:-
|
— | |
|
Unify OpenScape Xpressions
Unify
|
cpe:/a:unify:openscape_xpressions:-
|
— | |
|
IGEL OS
IGEL
|
cpe:/o:igel:os:-
|
— | |
|
Ubuntu Linux
Ubuntu / Linux
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Unify SESAP
Unify
|
cpe:/a:unify:sesap:-
|
— | |
|
Unify OpenScape WLAN Phone
Unify
|
cpe:/h:unify:openscape_wlan_phone:-
|
— | |
|
Avaya Aura Session Manager
Avaya
|
cpe:/a:avaya:session_manager:-
|
— | |
|
Aruba ArubaOS
Aruba
|
cpe:/o:arubanetworks:arubaos:-
|
— | |
|
Avaya Aura Communication Manager
Avaya
|
cpe:/a:avaya:communication_manager:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Fortinet FortiManager
Fortinet
|
cpe:/a:fortinet:fortimanager:-
|
— | |
|
Open Source LibreSSL <3.3.6
Open Source / LibreSSL
|
<3.3.6 | ||
|
Juniper JUNOS Evolved
Juniper / JUNOS
|
cpe:/o:juniper:junos:evolved
|
Evolved | |
|
Autodesk AutoCAD
Autodesk
|
cpe:/a:autodesk:autocad:-
|
— | |
|
Open Source OpenSSL <3.0.2
Open Source / OpenSSL
|
<3.0.2 | ||
|
Oracle VM 3
Oracle / VM
|
cpe:/a:oracle:vm:3
|
3 | |
|
Open Source OpenSSL <1.0.2zd
Open Source / OpenSSL
|
<1.0.2zd | ||
|
Open Source OpenSSL <1.1.1n
Open Source / OpenSSL
|
<1.1.1n | ||
|
Avaya Aura Experience Portal
Avaya
|
cpe:/a:avaya:aura_experience_portal:-
|
— | |
|
Avaya Aura System Manager
Avaya
|
cpe:/a:avaya:aura_system_manager:-
|
— | |
|
SolarWinds Platform <2024.2
SolarWinds / Platform
|
<2024.2 | ||
|
Avaya Aura Application Enablement Services
Avaya
|
cpe:/a:avaya:aura_application_enablement_services:-
|
— | |
|
NetApp Data ONTAP
NetApp
|
cpe:/a:netapp:data_ontap:-
|
— | |
|
Extreme Networks IQ Engine <10.6r2
Extreme Networks / IQ Engine
|
<10.6r2 | ||
|
HPE Integrated Lights-Out 5
HPE / Integrated Lights-Out
|
cpe:/h:hp:integrated_lights-out:5
|
5 | |
|
Unify OpenScape 4000
Unify
|
cpe:/h:unify:openscape_4000:-
|
— | |
|
Unify OpenScape Mediaserver
Unify
|
cpe:/a:unify:openscape_mediaserver:-
|
— | |
|
Unify OpenScape Business
Unify
|
cpe:/a:unify:openscape_business:-
|
— | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Open Source Node.js
Open Source
|
cpe:/a:nodejs:nodejs:-
|
— | |
|
Unify OpenScape Xpert
Unify
|
cpe:/h:unify:openscape_xpert:-
|
— | |
|
Unify OpenScape Desk Phone
Unify
|
cpe:/h:unify:openscape_deskphone:-
|
— | |
|
Unify OpenScape Cordless IP
Unify
|
cpe:/a:unify:openscape_cordless_ip:-
|
— | |
|
Unify OpenScape Branch
Unify
|
cpe:/h:unify:openscape_branch:-
|
— | |
|
Fortinet FortiAnalyzer
Fortinet
|
cpe:/a:fortinet:fortianalyzer:-
|
— | |
|
Fortinet FortiClient
Fortinet
|
cpe:/a:fortinet:forticlient:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM InfoSphere Information Server 11.7
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7
|
11.7 | |
|
Open Source LibreSSL <3.4.3
Open Source / LibreSSL
|
<3.4.3 | ||
|
Open Source LibreSSL <3.5.1
Open Source / LibreSSL
|
<3.5.1 | ||
|
HPE Integrated Lights-Out 4
HPE / Integrated Lights-Out
|
cpe:/h:hp:integrated_lights-out:4
|
4 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
FreeBSD Project FreeBSD OS
FreeBSD Project
|
cpe:/o:freebsd:freebsd:-
|
— | |
|
Open Source OPNsense <22.1.4
Open Source / OPNsense
|
<22.1.4 | ||
|
Hitachi Configuration Manager
Hitachi
|
cpe:/a:hitachi:configuration_manager:-
|
— | |
|
F5 BIG-IP
F5
|
cpe:/a:f5:big-ip:-
|
— | |
|
HPE Fabric OS <9.0.1e
HPE / Fabric OS
|
<9.0.1e | ||
|
HPE Fabric OS <9.1.1
HPE / Fabric OS
|
<9.1.1 | ||
|
IBM FlashSystem
IBM
|
cpe:/a:ibm:flashsystem:-
|
— | |
|
Dell Avamar <2022R2
Dell / Avamar
|
<2022R2 | ||
|
IBM AIX
IBM
|
cpe:/o:ibm:aix:-
|
— | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
Tenable Security Nessus Network Monitor <6.0.1
Tenable Security / Nessus Network Monitor
|
<6.0.1 |
References
140 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "OpenSSL ist eine im Quelltext frei verf\u00fcgbare Bibliothek, die Secure Sockets Layer (SSL) und Transport Layer Security (TLS) implementiert.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in OpenSSL ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Appliance\n- Hardware Appliance\n- Linux\n- NetApp Appliance\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-0065 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0065.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-0065 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0065"
},
{
"category": "external",
"summary": "OpenSSL Security Advisory vom 2022-03-15",
"url": "https://www.openssl.org/news/secadv/20220315.txt"
},
{
"category": "external",
"summary": "PoC vom 2022-03-15",
"url": "https://github.com/drago-96/CVE-2022-0778"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory vom 2022-03-15",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1766.html"
},
{
"category": "external",
"summary": "SUSE Security Advisory vom 2022-03-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-March/010451.html"
},
{
"category": "external",
"summary": "SUSE Security Advisory vom 2022-03-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-March/010448.html"
},
{
"category": "external",
"summary": "SUSE Security Advisory vom 2022-03-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-March/010449.html"
},
{
"category": "external",
"summary": "SUSE Security Advisory vom 2022-03-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-March/010450.html"
},
{
"category": "external",
"summary": "SUSE Security Advisory vom 2022-03-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-March/010453.html"
},
{
"category": "external",
"summary": "SUSE Security Advisory vom 2022-03-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-March/010452.html"
},
{
"category": "external",
"summary": "SUSE Security Advisory vom 2022-03-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-March/010455.html"
},
{
"category": "external",
"summary": "SUSE Security Advisory vom 2022-03-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-March/010454.html"
},
{
"category": "external",
"summary": "SUSE Security Advisory vom 2022-03-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-March/010447.html"
},
{
"category": "external",
"summary": "Debian Security Advisory vom 2022-03-15",
"url": "https://lists.debian.org/debian-security-announce/2022/msg00071.html"
},
{
"category": "external",
"summary": "FreeBSD Security Advisory vom 2022-03-15",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-22:03.openssl.asc"
},
{
"category": "external",
"summary": "Ubuntu Security Advisory vom 2022-03-15",
"url": "https://ubuntu.com/security/notices/USN-5328-1"
},
{
"category": "external",
"summary": "Ubuntu Security Advisory vom 2022-03-15",
"url": "https://ubuntu.com/security/notices/USN-5328-2"
},
{
"category": "external",
"summary": "LibreSSL Security Advisory vom 2022-03-15",
"url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.3.6-relnotes.txt"
},
{
"category": "external",
"summary": "LibreSSL Security Advisory vom 2022-03-15",
"url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.4.3-relnotes.txt"
},
{
"category": "external",
"summary": "LibreSSL Security Advisory vom 2022-03-15",
"url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.5.1-relnotes.txt"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2022-1575 vom 2022-03-16",
"url": "https://alas.aws.amazon.com/ALAS-2022-1575.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2022-041 vom 2022-03-17",
"url": "https://alas.aws.amazon.com/AL2022/ALAS-2022-041.html"
},
{
"category": "external",
"summary": "Node.js OpenSSL Security Release",
"url": "https://nodejs.org/en/blog/vulnerability/mar-2022-security-releases/"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-2952 vom 2022-03-17",
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-2953 vom 2022-03-17",
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html"
},
{
"category": "external",
"summary": "Synology Security Advisory SYNOLOGY-SA-22:04 vom 2022-03-18",
"url": "https://www.synology.com/en-global/support/security/Synology_SA_22_04"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-9224 vom 2022-03-18",
"url": "https://linux.oracle.com/errata/ELSA-2022-9224.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-9237 vom 2022-03-19",
"url": "https://linux.oracle.com/errata/ELSA-2022-9237.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-9225 vom 2022-03-18",
"url": "https://linux.oracle.com/errata/ELSA-2022-9225.html"
},
{
"category": "external",
"summary": "NetApp Security Advisory NTAP-20220321-0002 vom 2022-03-21",
"url": "https://security.netapp.com/advisory/ntap-20220321-0002/"
},
{
"category": "external",
"summary": "IGEL Security Notice ISN-2022-06 vom 2022-03-21",
"url": "https://kb.igel.com/securitysafety/en/isn-2022-06-openssl-denial-of-service-57327268.html"
},
{
"category": "external",
"summary": "SonicWall Security Advisory SNWLID-2022-0002 vom 2022-03-22",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:0935-1 vom 2022-03-22",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-March/010502.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-9233 vom 2022-03-23",
"url": "https://linux.oracle.com/errata/ELSA-2022-9233.html"
},
{
"category": "external",
"summary": "CheckMK Werk 13725 vom 2022-03-15",
"url": "https://checkmk.com/de/werk/13725"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-9246 vom 2022-03-24",
"url": "http://linux.oracle.com/errata/ELSA-2022-9246.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:1066 vom 2022-03-28",
"url": "https://access.redhat.com/errata/RHSA-2022:1066"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:1078 vom 2022-03-28",
"url": "https://access.redhat.com/errata/RHSA-2022:1078"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:1077 vom 2022-03-28",
"url": "https://access.redhat.com/errata/RHSA-2022:1077"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:1076 vom 2022-03-28",
"url": "https://access.redhat.com/errata/RHSA-2022:1076"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:1073 vom 2022-03-28",
"url": "https://access.redhat.com/errata/RHSA-2022:1073"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:1071 vom 2022-03-28",
"url": "https://access.redhat.com/errata/RHSA-2022:1071"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:1065 vom 2022-03-28",
"url": "https://access.redhat.com/errata/RHSA-2022:1065"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:1082 vom 2022-03-28",
"url": "https://access.redhat.com/errata/RHSA-2022:1082"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:1091 vom 2022-03-29",
"url": "https://access.redhat.com/errata/RHSA-2022:1091"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-1065 vom 2022-03-28",
"url": "https://linux.oracle.com/errata/ELSA-2022-1065.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-1066 vom 2022-03-29",
"url": "https://linux.oracle.com/errata/ELSA-2022-1066.html"
},
{
"category": "external",
"summary": "CentOS Security Advisory CESA-2022:1066 vom 2022-03-29",
"url": "https://lists.centos.org/pipermail/centos-announce/2022-March/073577.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:1112 vom 2022-03-29",
"url": "https://access.redhat.com/errata/RHSA-2022:1112"
},
{
"category": "external",
"summary": "QNAP Security Advisory QSA-22-06 vom 2022-03-30",
"url": "https://www.qnap.com/go/security-advisory/qsa-22-06"
},
{
"category": "external",
"summary": "Nessus Security Advisory",
"url": "https://de.tenable.com/security/tns-2022-06"
},
{
"category": "external",
"summary": "Palo Alto Networks Security Advisory PAN-190175 vom 2022-03-31",
"url": "https://security.paloaltonetworks.com/CVE-2022-0778"
},
{
"category": "external",
"summary": "Nessus Security Advisory",
"url": "https://de.tenable.com/security/tns-2022-07?tns_redirect=true"
},
{
"category": "external",
"summary": "FortiGuard Labs PSIRT Advisory FG-IR-22-059 vom 2022-04-01",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-22-059"
},
{
"category": "external",
"summary": "FortiGuard Labs PSIRT Advisory FG-IR-22-059 vom 2022-04-02",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-059"
},
{
"category": "external",
"summary": "Meinberg Security Advisory MBGSA-2022.01 vom 2022-04-05",
"url": "https://www.meinberg.de/german/news/meinberg-security-advisory-mbgsa-2022-01-meinberg-lantime-firmware-v7-04-015-und-v6-24-030.htm"
},
{
"category": "external",
"summary": "Genua Patch",
"url": "https://kunde.genua.de/nc/suche/view/neuer-patch-genugate-102p6-verfuegbar.html"
},
{
"category": "external",
"summary": "Genua Patch",
"url": "https://kunde.genua.de/nc/suche/view/neuer-patch-genugate-103p3-verfuegbar.html"
},
{
"category": "external",
"summary": "Genua Patch",
"url": "https://kunde.genua.de/nc/suche/view/neuer-patch-genuscreen-box-crypt-card-wall-80p3-verfuegbar.html"
},
{
"category": "external",
"summary": "Genua Patch",
"url": "https://kunde.genua.de/nc/suche/view/neuer-patch-genuscreen-box-crypt-card-wall-76p6-verfuegbar.html"
},
{
"category": "external",
"summary": "Genua Patch",
"url": "https://kunde.genua.de/nc/suche/view/neuer-patch-genugate-90p24-verfuegbar.html"
},
{
"category": "external",
"summary": "Genua Patch",
"url": "https://kunde.genua.de/nc/suche/view/neuer-patch-genugate-100p7-verfuegbar.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:1263 vom 2022-04-07",
"url": "https://access.redhat.com/errata/RHSA-2022:1263"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-9272 vom 2022-04-08",
"url": "https://linux.oracle.com/errata/ELSA-2022-9272.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:0861-1 vom 2022-04-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-April/010706.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:1389 vom 2022-04-21",
"url": "https://access.redhat.com/errata/RHSA-2022:1389"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:1390 vom 2022-04-21",
"url": "https://access.redhat.com/errata/RHSA-2022:1390"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:1357 vom 2022-04-22",
"url": "https://access.redhat.com/errata/RHSA-2022:1357"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:1363 vom 2022-04-21",
"url": "https://access.redhat.com/errata/RHSA-2022:1363"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:1370 vom 2022-04-22",
"url": "https://access.redhat.com/errata/RHSA-2022:1370"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:1476 vom 2022-04-21",
"url": "https://access.redhat.com/errata/RHSA-2022:1476"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:1356 vom 2022-04-22",
"url": "https://access.redhat.com/errata/RHSA-2022:1356"
},
{
"category": "external",
"summary": "Watchguard Fireware v12.8 Update 1",
"url": "https://www.watchguard.com/wgrd-blog/fireware-v128-update-1"
},
{
"category": "external",
"summary": "OPNsense Release Notes",
"url": "https://opnsense.org/opnsense-22-1-4-released/"
},
{
"category": "external",
"summary": "Arista Security Advisory 0075",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/15438-security-advisory-0075"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2NITRO-ENCLAVES-2022-018 vom 2022-04-28",
"url": "https://alas.aws.amazon.com/AL2/ALASNITRO-ENCLAVES-2022-018.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:1459-1 vom 2022-04-28",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-April/010863.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:1462-1 vom 2022-04-28",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-April/010864.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:1461-1 vom 2022-04-28",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-April/010865.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:1622 vom 2022-05-04",
"url": "https://access.redhat.com/errata/RHSA-2022:1622"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:1536-1 vom 2022-05-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-May/010932.html"
},
{
"category": "external",
"summary": "Tenable Security Advisory TNS-2022-10 vom 2022-05-10",
"url": "http://www.auscert.org.au/bulletins/ESB-2022.2191"
},
{
"category": "external",
"summary": "Tenable Security Advisory TNS-2022-10 vom 2022-05-10 vom 2022-05-09",
"url": "https://www.tenable.com/security/tns-2022-10"
},
{
"category": "external",
"summary": "IGEL Security Notice ISN-2022-12 vom 2022-05-10",
"url": "https://kb.igel.com/securitysafety/en/isn-2022-12-teradici-pcoip-library-vulnerabilities-57343640.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:2218 vom 2022-05-12",
"url": "https://access.redhat.com/errata/RHSA-2022:2218"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:2217 vom 2022-05-12",
"url": "https://access.redhat.com/errata/RHSA-2022:2217"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:2216 vom 2022-05-12",
"url": "https://access.redhat.com/errata/RHSA-2022:2216"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6586112 vom 2022-05-13",
"url": "https://aix.software.ibm.com/aix/efixes/security/openssl_advisory35.asc"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:4690 vom 2022-05-19",
"url": "https://access.redhat.com/errata/RHSA-2022:4690"
},
{
"category": "external",
"summary": "Aruba Product Security Advisory ARUBA-PSA-2022-009 vom 2022-06-03",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-009.txt"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:4896 vom 2022-06-03",
"url": "https://access.redhat.com/errata/RHSA-2022:4896"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:4899 vom 2022-06-04",
"url": "https://access.redhat.com/errata/RHSA-2022:4899"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:4956 vom 2022-06-09",
"url": "https://access.redhat.com/errata/RHSA-2022:4956"
},
{
"category": "external",
"summary": "Siemens Security Advisory",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf"
},
{
"category": "external",
"summary": "Xerox Security Bulletin XRX22-012",
"url": "https://security.business.xerox.com/wp-content/uploads/2022/06/Xerox-Security-Bulletin-XRX22-012-FreeFlow-Printer.pdf"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:5326 vom 2022-07-01",
"url": "https://access.redhat.com/errata/RHSA-2022:5326"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-5326 vom 2022-07-01",
"url": "http://linux.oracle.com/errata/ELSA-2022-5326.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-4899 vom 2022-07-01",
"url": "http://linux.oracle.com/errata/ELSA-2022-4899.html"
},
{
"category": "external",
"summary": "Unify Security Advisory Report OBSO-2207-01 vom 2022-07-14",
"url": "https://networks.unify.com/security/advisories/OBSO-2207-01.pdf"
},
{
"category": "external",
"summary": "Hitachi Vulnerability Information HITACHI-SEC-2022-121 vom 2022-07-22",
"url": "https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2022-121/index.html"
},
{
"category": "external",
"summary": "Hitachi Vulnerability Information HITACHI-SEC-2022-126 vom 2022-07-28",
"url": "https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2022-126/index.html"
},
{
"category": "external",
"summary": "Autodesk Security Advisory ADSK-SA-2022-0016 vom 2022-08-02",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0016"
},
{
"category": "external",
"summary": "AVAYA Security Advisory ASA-2022-099 vom 2022-08-22",
"url": "https://downloads.avaya.com/css/P8/documents/101083272"
},
{
"category": "external",
"summary": "HPE Security Bulletin HPESBHF04366 rev.1 vom 2022-09-15",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=emr_na-hpesbhf04366en_us\u0026hprpt_id=ALERT_HPE_3034479\u0026jumpid=em_pom8nu6hj_aid-520066529"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6622079 vom 2022-09-22",
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl-affect-ibm-spectrum-protect-plus-sql-file-indexing-and-windows-host-agents/"
},
{
"category": "external",
"summary": "SolarWinds Platform 2022.3 Release Notes",
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-3_release_notes.htm"
},
{
"category": "external",
"summary": "Brocade Security Advisory ID",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-1752"
},
{
"category": "external",
"summary": "Juniper Security Bulletin",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-22-2R1-release"
},
{
"category": "external",
"summary": "Pulse Secure Security Advisory SA45520 vom 2022-10-13",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA45520"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202210-02 vom 2022-10-16",
"url": "https://security.gentoo.org/glsa/202210-02"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6829329 vom 2022-10-15",
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-kubernetes-affect-ibm-infosphere-information-server-3/"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6832966 vom 2022-11-01",
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-affects-ibm-flashsystem-models-fs900-and-v9000/"
},
{
"category": "external",
"summary": "IBM Security Bulletin",
"url": "https://www.ibm.com/support/pages/node/6849249"
},
{
"category": "external",
"summary": "Juniper Security Bulletin JSA70180 vom 2023-01-12",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-OpenSSL-Infinite-loop-in-BN-mod-sqrt-reachable-when-parsing-certificates-CVE-2022-0778?language=en_US"
},
{
"category": "external",
"summary": "Juniper Security Bulletin JSA70186 vom 2023-01-12",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-Evolved-Multiple-vulnerabilities-resolved-in-OpenSSL?language=en_US"
},
{
"category": "external",
"summary": "Hitachi Cybersecurity Advisory vom 2023-04-25",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-02"
},
{
"category": "external",
"summary": "F5 Security Advisory K31323265 vom 2023-06-02",
"url": "https://my.f5.com/manage/s/article/K31323265"
},
{
"category": "external",
"summary": "Hitachi Vulnerability Information HITACHI-SEC-2023-126 vom 2023-07-18",
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-126/index.html"
},
{
"category": "external",
"summary": "HPE Securi+y Bulletin",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=emr_na-hpesbst04494en_us"
},
{
"category": "external",
"summary": "ORACLE OVMSA-2023-0012 vom 2023-08-17",
"url": "https://oss.oracle.com/pipermail/oraclevm-errata/2023-August/001077.html"
},
{
"category": "external",
"summary": "Hitachi Energy Cybersecurity Advisory vom 2023-08-29",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000153-CSAF\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6457-1 vom 2023-10-30",
"url": "https://ubuntu.com/security/notices/USN-6457-1"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7063708 vom 2023-10-31",
"url": "https://www.ibm.com/support/pages/node/7063708"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-13026 vom 2023-12-07",
"url": "https://linux.oracle.com/errata/ELSA-2023-13026.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-13025 vom 2023-12-07",
"url": "https://linux.oracle.com/errata/ELSA-2023-13025.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-32790 vom 2023-12-07",
"url": "https://linux.oracle.com/errata/ELSA-2023-32790.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-13024 vom 2023-12-07",
"url": "https://linux.oracle.com/errata/ELSA-2023-13024.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-13027 vom 2023-12-07",
"url": "https://linux.oracle.com/errata/ELSA-2023-13027.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-32791 vom 2023-12-07",
"url": "https://linux.oracle.com/errata/ELSA-2023-32791.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7108821 vom 2024-01-17",
"url": "https://www.ibm.com/support/pages/node/7108821"
},
{
"category": "external",
"summary": "ExtremeNetworks Vulnerability Notice SA-2022-006 vom 2024-01-22",
"url": "https://extreme-networks.my.site.com/ExtrArticleDetail?an=000104007"
},
{
"category": "external",
"summary": "Dell Knowledge Base Article",
"url": "https://www.dell.com/support/kbdoc/en-us/000221474/dsa-2024-059-security-update-for-dell-networker-multiple-components-vulnerabilities"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-2502 vom 2024-03-19",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2502.html"
},
{
"category": "external",
"summary": "SolarWinds Platform 2024.2 release notes vom 2024-06-04",
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-2_release_notes.htm"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-12408 vom 2024-06-05",
"url": "https://linux.oracle.com/errata/ELSA-2024-12408.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-12842 vom 2024-11-25",
"url": "https://linux.oracle.com/errata/ELSA-2024-12842.html"
},
{
"category": "external",
"summary": "HPE Security Advisory vom 2025-05-22",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbns04859en_us\u0026docLocale=en_US"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2022-231 vom 2025-09-19",
"url": "https://www.dell.com/support/kbdoc/de-de/000202651/dsa-2022-231-dell-emc-avamar-security-update-for-openssl-vulnerability"
},
{
"category": "external",
"summary": "SolarWinds Platform 2025.4 release notes vom 2025-10-21",
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2025-4_release_notes.htm"
}
],
"source_lang": "en-US",
"title": "OpenSSL: Schwachstelle erm\u00f6glicht Denial of Service",
"tracking": {
"current_release_date": "2025-10-20T22:00:00.000+00:00",
"generator": {
"date": "2025-10-21T11:03:55.353+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2022-0065",
"initial_release_date": "2022-03-15T23:00:00.000+00:00",
"revision_history": [
{
"date": "2022-03-15T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2022-03-16T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2022-03-17T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2022-03-20T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2022-03-21T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von NetApp und IGEL aufgenommen"
},
{
"date": "2022-03-22T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Tribe29 aufgenommen"
},
{
"date": "2022-03-24T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2022-03-27T22:00:00.000+00:00",
"number": "8",
"summary": "Referenz(en) aufgenommen: FEDORA-2022-8BB51F6901"
},
{
"date": "2022-03-28T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-03-29T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von CentOS und Red Hat aufgenommen"
},
{
"date": "2022-03-30T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von QNAP, Tenable und Palo Alto Networks aufgenommen"
},
{
"date": "2022-03-31T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Tenable und Oracle Linux aufgenommen"
},
{
"date": "2022-04-03T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Fortinet aufgenommen"
},
{
"date": "2022-04-04T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Meinberg aufgenommen"
},
{
"date": "2022-04-05T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2022-04-06T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-04-10T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2022-04-13T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2022-04-20T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-04-21T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-04-25T22:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2022-04-26T22:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2022-04-27T22:00:00.000+00:00",
"number": "23",
"summary": "doppelte Eintr\u00e4ge entfernt"
},
{
"date": "2022-04-28T22:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von Amazon und SUSE aufgenommen"
},
{
"date": "2022-05-04T22:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-05-09T22:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von Tenable aufgenommen"
},
{
"date": "2022-05-10T22:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von IGEL aufgenommen"
},
{
"date": "2022-05-11T22:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-05-15T22:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2022-05-18T22:00:00.000+00:00",
"number": "30",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-06-02T22:00:00.000+00:00",
"number": "31",
"summary": "Neue Updates von Aruba aufgenommen"
},
{
"date": "2022-06-06T22:00:00.000+00:00",
"number": "32",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-06-08T22:00:00.000+00:00",
"number": "33",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-06-13T22:00:00.000+00:00",
"number": "34",
"summary": "Neue Updates von Siemens aufgenommen"
},
{
"date": "2022-06-14T22:00:00.000+00:00",
"number": "35",
"summary": "Neue Updates von XEROX aufgenommen"
},
{
"date": "2022-06-30T22:00:00.000+00:00",
"number": "36",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-07-03T22:00:00.000+00:00",
"number": "37",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2022-07-14T22:00:00.000+00:00",
"number": "38",
"summary": "Neue Updates von Unify aufgenommen"
},
{
"date": "2022-07-21T22:00:00.000+00:00",
"number": "39",
"summary": "Neue Updates von HITACHI aufgenommen"
},
{
"date": "2022-07-28T22:00:00.000+00:00",
"number": "40",
"summary": "Neue Updates von HITACHI aufgenommen"
},
{
"date": "2022-08-01T22:00:00.000+00:00",
"number": "41",
"summary": "Neue Updates von Autodesk aufgenommen"
},
{
"date": "2022-08-23T22:00:00.000+00:00",
"number": "42",
"summary": "Neue Updates von AVAYA aufgenommen"
},
{
"date": "2022-09-18T22:00:00.000+00:00",
"number": "43",
"summary": "Neue Updates von HP aufgenommen"
},
{
"date": "2022-09-21T22:00:00.000+00:00",
"number": "44",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2022-09-28T22:00:00.000+00:00",
"number": "45",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2022-10-12T22:00:00.000+00:00",
"number": "46",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2022-10-13T22:00:00.000+00:00",
"number": "47",
"summary": "Neue Updates von Pulse Secure aufgenommen"
},
{
"date": "2022-10-16T22:00:00.000+00:00",
"number": "48",
"summary": "Neue Updates von Gentoo und IBM aufgenommen"
},
{
"date": "2022-10-31T23:00:00.000+00:00",
"number": "49",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2022-12-20T23:00:00.000+00:00",
"number": "50",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-01-11T23:00:00.000+00:00",
"number": "51",
"summary": "Neue Updates von Juniper aufgenommen"
},
{
"date": "2023-05-23T22:00:00.000+00:00",
"number": "52",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2023-06-04T22:00:00.000+00:00",
"number": "53",
"summary": "Neue Updates von F5 aufgenommen"
},
{
"date": "2023-07-17T22:00:00.000+00:00",
"number": "54",
"summary": "Neue Updates von HITACHI aufgenommen"
},
{
"date": "2023-08-13T22:00:00.000+00:00",
"number": "55",
"summary": "Neue Updates von HP aufgenommen"
},
{
"date": "2023-08-17T22:00:00.000+00:00",
"number": "56",
"summary": "Neue Updates von ORACLE aufgenommen"
},
{
"date": "2023-08-28T22:00:00.000+00:00",
"number": "57",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2023-10-30T23:00:00.000+00:00",
"number": "58",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2023-10-31T23:00:00.000+00:00",
"number": "59",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-12-07T23:00:00.000+00:00",
"number": "60",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-01-17T23:00:00.000+00:00",
"number": "61",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-01-22T23:00:00.000+00:00",
"number": "62",
"summary": "Neue Updates von ExtremeNetworks aufgenommen"
},
{
"date": "2024-01-25T23:00:00.000+00:00",
"number": "63",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2024-03-18T23:00:00.000+00:00",
"number": "64",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-06-03T22:00:00.000+00:00",
"number": "65",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2024-06-04T22:00:00.000+00:00",
"number": "66",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-11-25T23:00:00.000+00:00",
"number": "67",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2025-05-22T22:00:00.000+00:00",
"number": "68",
"summary": "Neue Updates von HP aufgenommen"
},
{
"date": "2025-09-21T22:00:00.000+00:00",
"number": "69",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2025-10-20T22:00:00.000+00:00",
"number": "70",
"summary": "Neue Updates aufgenommen"
}
],
"status": "final",
"version": "70"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Aruba ArubaOS",
"product": {
"name": "Aruba ArubaOS",
"product_id": "T021926",
"product_identification_helper": {
"cpe": "cpe:/o:arubanetworks:arubaos:-"
}
}
},
{
"category": "product_name",
"name": "Aruba ClearPass Policy Manager",
"product": {
"name": "Aruba ClearPass Policy Manager",
"product_id": "T023403",
"product_identification_helper": {
"cpe": "cpe:/a:arubanetworks:clearpass_policy_manager:-"
}
}
},
{
"category": "product_name",
"name": "Aruba Switch",
"product": {
"name": "Aruba Switch",
"product_id": "T016786",
"product_identification_helper": {
"cpe": "cpe:/h:arubanetworks:switch:-"
}
}
}
],
"category": "vendor",
"name": "Aruba"
},
{
"branches": [
{
"category": "product_name",
"name": "Autodesk AutoCAD",
"product": {
"name": "Autodesk AutoCAD",
"product_id": "950",
"product_identification_helper": {
"cpe": "cpe:/a:autodesk:autocad:-"
}
}
}
],
"category": "vendor",
"name": "Autodesk"
},
{
"branches": [
{
"category": "product_name",
"name": "Avaya Aura Application Enablement Services",
"product": {
"name": "Avaya Aura Application Enablement Services",
"product_id": "T015516",
"product_identification_helper": {
"cpe": "cpe:/a:avaya:aura_application_enablement_services:-"
}
}
},
{
"category": "product_name",
"name": "Avaya Aura Communication Manager",
"product": {
"name": "Avaya Aura Communication Manager",
"product_id": "T015126",
"product_identification_helper": {
"cpe": "cpe:/a:avaya:communication_manager:-"
}
}
},
{
"category": "product_name",
"name": "Avaya Aura Experience Portal",
"product": {
"name": "Avaya Aura Experience Portal",
"product_id": "T015519",
"product_identification_helper": {
"cpe": "cpe:/a:avaya:aura_experience_portal:-"
}
}
},
{
"category": "product_name",
"name": "Avaya Aura Session Manager",
"product": {
"name": "Avaya Aura Session Manager",
"product_id": "T015127",
"product_identification_helper": {
"cpe": "cpe:/a:avaya:session_manager:-"
}
}
},
{
"category": "product_name",
"name": "Avaya Aura System Manager",
"product": {
"name": "Avaya Aura System Manager",
"product_id": "T015518",
"product_identification_helper": {
"cpe": "cpe:/a:avaya:aura_system_manager:-"
}
}
}
],
"category": "vendor",
"name": "Avaya"
},
{
"branches": [
{
"category": "product_name",
"name": "Broadcom Brocade Switch",
"product": {
"name": "Broadcom Brocade Switch",
"product_id": "T015844",
"product_identification_helper": {
"cpe": "cpe:/h:brocade:switch:-"
}
}
}
],
"category": "vendor",
"name": "Broadcom"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2022R2",
"product": {
"name": "Dell Avamar \u003c2022R2",
"product_id": "T047104"
}
},
{
"category": "product_version",
"name": "2022R2",
"product": {
"name": "Dell Avamar 2022R2",
"product_id": "T047104-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:avamar:2022r2"
}
}
}
],
"category": "product_name",
"name": "Avamar"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c19.10",
"product": {
"name": "Dell NetWorker \u003c19.10",
"product_id": "T032354"
}
},
{
"category": "product_version",
"name": "19.1",
"product": {
"name": "Dell NetWorker 19.10",
"product_id": "T032354-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:19.10"
}
}
}
],
"category": "product_name",
"name": "NetWorker"
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.6r2",
"product": {
"name": "Extreme Networks IQ Engine \u003c10.6r2",
"product_id": "T032273"
}
},
{
"category": "product_version",
"name": "10.6r2",
"product": {
"name": "Extreme Networks IQ Engine 10.6r2",
"product_id": "T032273-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:extremenetworks:iq_engine:10.6r2"
}
}
}
],
"category": "product_name",
"name": "IQ Engine"
}
],
"category": "vendor",
"name": "Extreme Networks"
},
{
"branches": [
{
"category": "product_name",
"name": "F5 BIG-IP",
"product": {
"name": "F5 BIG-IP",
"product_id": "T001663",
"product_identification_helper": {
"cpe": "cpe:/a:f5:big-ip:-"
}
}
}
],
"category": "vendor",
"name": "F5"
},
{
"branches": [
{
"category": "product_name",
"name": "Fortinet FortiAnalyzer",
"product": {
"name": "Fortinet FortiAnalyzer",
"product_id": "T022516",
"product_identification_helper": {
"cpe": "cpe:/a:fortinet:fortianalyzer:-"
}
}
},
{
"category": "product_name",
"name": "Fortinet FortiAuthenticator",
"product": {
"name": "Fortinet FortiAuthenticator",
"product_id": "1002224",
"product_identification_helper": {
"cpe": "cpe:/a:fortinet:fortiauthenticator:-"
}
}
},
{
"category": "product_name",
"name": "Fortinet FortiClient",
"product": {
"name": "Fortinet FortiClient",
"product_id": "T022517",
"product_identification_helper": {
"cpe": "cpe:/a:fortinet:forticlient:-"
}
}
},
{
"category": "product_name",
"name": "Fortinet FortiMail",
"product": {
"name": "Fortinet FortiMail",
"product_id": "T022518",
"product_identification_helper": {
"cpe": "cpe:/a:fortinet:fortimail:-"
}
}
},
{
"category": "product_name",
"name": "Fortinet FortiManager",
"product": {
"name": "Fortinet FortiManager",
"product_id": "T003827",
"product_identification_helper": {
"cpe": "cpe:/a:fortinet:fortimanager:-"
}
}
},
{
"category": "product_name",
"name": "Fortinet FortiOS",
"product": {
"name": "Fortinet FortiOS",
"product_id": "T009615",
"product_identification_helper": {
"cpe": "cpe:/o:fortinet:fortios:-"
}
}
},
{
"category": "product_name",
"name": "Fortinet FortiSwitch",
"product": {
"name": "Fortinet FortiSwitch",
"product_id": "T022519",
"product_identification_helper": {
"cpe": "cpe:/h:fortinet:fortiswitch:-"
}
}
}
],
"category": "vendor",
"name": "Fortinet"
},
{
"branches": [
{
"category": "product_name",
"name": "FreeBSD Project FreeBSD OS",
"product": {
"name": "FreeBSD Project FreeBSD OS",
"product_id": "4035",
"product_identification_helper": {
"cpe": "cpe:/o:freebsd:freebsd:-"
}
}
}
],
"category": "vendor",
"name": "FreeBSD Project"
},
{
"branches": [
{
"category": "product_name",
"name": "Gentoo Linux",
"product": {
"name": "Gentoo Linux",
"product_id": "T012167",
"product_identification_helper": {
"cpe": "cpe:/o:gentoo:linux:-"
}
}
}
],
"category": "vendor",
"name": "Gentoo"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9.1.1",
"product": {
"name": "HPE Fabric OS \u003c9.1.1",
"product_id": "T024587"
}
},
{
"category": "product_version",
"name": "9.1.1",
"product": {
"name": "HPE Fabric OS 9.1.1",
"product_id": "T024587-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:hpe:fabric_os:9.1.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.0.1e",
"product": {
"name": "HPE Fabric OS \u003c9.0.1e",
"product_id": "T024588"
}
},
{
"category": "product_version",
"name": "9.0.1e",
"product": {
"name": "HPE Fabric OS 9.0.1e",
"product_id": "T024588-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:hpe:fabric_os:9.1.19.0.1e"
}
}
}
],
"category": "product_name",
"name": "Fabric OS"
},
{
"branches": [
{
"category": "product_version",
"name": "5",
"product": {
"name": "HPE Integrated Lights-Out 5",
"product_id": "T012640",
"product_identification_helper": {
"cpe": "cpe:/h:hp:integrated_lights-out:5"
}
}
},
{
"category": "product_version",
"name": "4",
"product": {
"name": "HPE Integrated Lights-Out 4",
"product_id": "T014339",
"product_identification_helper": {
"cpe": "cpe:/h:hp:integrated_lights-out:4"
}
}
}
],
"category": "product_name",
"name": "Integrated Lights-Out"
},
{
"category": "product_name",
"name": "HPE NonStop Server",
"product": {
"name": "HPE NonStop Server",
"product_id": "4918",
"product_identification_helper": {
"cpe": "cpe:/h:hp:nonstop_server:-"
}
}
},
{
"category": "product_name",
"name": "HPE ProLiant",
"product": {
"name": "HPE ProLiant",
"product_id": "T009310",
"product_identification_helper": {
"cpe": "cpe:/h:hp:proliant:-"
}
}
},
{
"category": "product_name",
"name": "HPE Switch",
"product": {
"name": "HPE Switch",
"product_id": "T005119",
"product_identification_helper": {
"cpe": "cpe:/h:hp:switch:-"
}
}
}
],
"category": "vendor",
"name": "HPE"
},
{
"branches": [
{
"category": "product_name",
"name": "Hitachi Configuration Manager",
"product": {
"name": "Hitachi Configuration Manager",
"product_id": "T020304",
"product_identification_helper": {
"cpe": "cpe:/a:hitachi:configuration_manager:-"
}
}
},
{
"category": "product_name",
"name": "Hitachi Ops Center",
"product": {
"name": "Hitachi Ops Center",
"product_id": "T017562",
"product_identification_helper": {
"cpe": "cpe:/a:hitachi:ops_center:-"
}
}
}
],
"category": "vendor",
"name": "Hitachi"
},
{
"branches": [
{
"category": "product_name",
"name": "Hitachi Energy RTU500",
"product": {
"name": "Hitachi Energy RTU500",
"product_id": "T027844",
"product_identification_helper": {
"cpe": "cpe:/h:abb:rtu500:-"
}
}
}
],
"category": "vendor",
"name": "Hitachi Energy"
},
{
"branches": [
{
"category": "product_name",
"name": "IBM AIX",
"product": {
"name": "IBM AIX",
"product_id": "5094",
"product_identification_helper": {
"cpe": "cpe:/o:ibm:aix:-"
}
}
},
{
"category": "product_name",
"name": "IBM FlashSystem",
"product": {
"name": "IBM FlashSystem",
"product_id": "T025159",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:flashsystem:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "11.7",
"product": {
"name": "IBM InfoSphere Information Server 11.7",
"product_id": "444803",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:infosphere_information_server:11.7"
}
}
}
],
"category": "product_name",
"name": "InfoSphere Information Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c8.0.0.24",
"product": {
"name": "IBM Rational Build Forge \u003c8.0.0.24",
"product_id": "T030689"
}
},
{
"category": "product_version",
"name": "8.0.0.24",
"product": {
"name": "IBM Rational Build Forge 8.0.0.24",
"product_id": "T030689-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:rational_build_forge:8.0.0.24"
}
}
}
],
"category": "product_name",
"name": "Rational Build Forge"
},
{
"branches": [
{
"category": "product_version",
"name": "10.0.1.0",
"product": {
"name": "IBM Security Identity Manager 10.0.1.0",
"product_id": "T025664",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:security_identity_manager:10.0.1.0"
}
}
}
],
"category": "product_name",
"name": "Security Identity Manager"
},
{
"branches": [
{
"category": "product_version",
"name": "10.0.0.0-10.0.6.1",
"product": {
"name": "IBM Security Verify Access 10.0.0.0-10.0.6.1",
"product_id": "T031895",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:security_verify_access:10.0.0.0_-_10.0.6.1"
}
}
}
],
"category": "product_name",
"name": "Security Verify Access"
},
{
"category": "product_name",
"name": "IBM Spectrum Protect",
"product": {
"name": "IBM Spectrum Protect",
"product_id": "T013661",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:spectrum_protect:-"
}
}
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "IGEL OS",
"product": {
"name": "IGEL OS",
"product_id": "T017865",
"product_identification_helper": {
"cpe": "cpe:/o:igel:os:-"
}
}
}
],
"category": "vendor",
"name": "IGEL"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Juniper JUNOS",
"product": {
"name": "Juniper JUNOS",
"product_id": "5930",
"product_identification_helper": {
"cpe": "cpe:/o:juniper:junos:-"
}
}
},
{
"category": "product_version",
"name": "Evolved",
"product": {
"name": "Juniper JUNOS Evolved",
"product_id": "T018886",
"product_identification_helper": {
"cpe": "cpe:/o:juniper:junos:evolved"
}
}
}
],
"category": "product_name",
"name": "JUNOS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c22.2R1",
"product": {
"name": "Juniper Junos Space \u003c22.2R1",
"product_id": "T003343"
}
},
{
"category": "product_version",
"name": "22.2R1",
"product": {
"name": "Juniper Junos Space 22.2R1",
"product_id": "T003343-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:juniper:junos_space:-"
}
}
}
],
"category": "product_name",
"name": "Junos Space"
}
],
"category": "vendor",
"name": "Juniper"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV7.04.015",
"product": {
"name": "Meinberg LANTIME \u003cV7.04.015",
"product_id": "T022524"
}
},
{
"category": "product_version",
"name": "V7.04.015",
"product": {
"name": "Meinberg LANTIME V7.04.015",
"product_id": "T022524-fixed",
"product_identification_helper": {
"cpe": "cpe:/h:meinberg:lantime:v7.04.015"
}
}
},
{
"category": "product_version_range",
"name": "\u003cV6.24.030",
"product": {
"name": "Meinberg LANTIME \u003cV6.24.030",
"product_id": "T022525"
}
},
{
"category": "product_version",
"name": "V6.24.030",
"product": {
"name": "Meinberg LANTIME V6.24.030",
"product_id": "T022525-fixed",
"product_identification_helper": {
"cpe": "cpe:/h:meinberg:lantime:v6.24.030"
}
}
}
],
"category": "product_name",
"name": "LANTIME"
}
],
"category": "vendor",
"name": "Meinberg"
},
{
"branches": [
{
"category": "product_name",
"name": "NetApp AFF",
"product": {
"name": "NetApp AFF",
"product_id": "T020536",
"product_identification_helper": {
"cpe": "cpe:/h:netapp:aff:-"
}
}
},
{
"category": "product_name",
"name": "NetApp Data ONTAP",
"product": {
"name": "NetApp Data ONTAP",
"product_id": "7654",
"product_identification_helper": {
"cpe": "cpe:/a:netapp:data_ontap:-"
}
}
},
{
"category": "product_name",
"name": "NetApp FAS",
"product": {
"name": "NetApp FAS",
"product_id": "T011540",
"product_identification_helper": {
"cpe": "cpe:/h:netapp:fas:-"
}
}
},
{
"category": "product_name",
"name": "NetApp StorageGRID",
"product": {
"name": "NetApp StorageGRID",
"product_id": "920206",
"product_identification_helper": {
"cpe": "cpe:/a:netapp:storagegrid:-"
}
}
}
],
"category": "vendor",
"name": "NetApp"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source CentOS",
"product": {
"name": "Open Source CentOS",
"product_id": "1727",
"product_identification_helper": {
"cpe": "cpe:/o:centos:centos:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c3.3.6",
"product": {
"name": "Open Source LibreSSL \u003c3.3.6",
"product_id": "T022349"
}
},
{
"category": "product_version",
"name": "3.3.6",
"product": {
"name": "Open Source LibreSSL 3.3.6",
"product_id": "T022349-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:openbsd:libressl:3.3.6"
}
}
},
{
"category": "product_version_range",
"name": "\u003c3.4.3",
"product": {
"name": "Open Source LibreSSL \u003c3.4.3",
"product_id": "T022350"
}
},
{
"category": "product_version",
"name": "3.4.3",
"product": {
"name": "Open Source LibreSSL 3.4.3",
"product_id": "T022350-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:openbsd:libressl:3.4.3"
}
}
},
{
"category": "product_version_range",
"name": "\u003c3.5.1",
"product": {
"name": "Open Source LibreSSL \u003c3.5.1",
"product_id": "T022351"
}
},
{
"category": "product_version",
"name": "3.5.1",
"product": {
"name": "Open Source LibreSSL 3.5.1",
"product_id": "T022351-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:openbsd:libressl:3.5.1"
}
}
}
],
"category": "product_name",
"name": "LibreSSL"
},
{
"category": "product_name",
"name": "Open Source Node.js",
"product": {
"name": "Open Source Node.js",
"product_id": "T017684",
"product_identification_helper": {
"cpe": "cpe:/a:nodejs:nodejs:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c22.1.4",
"product": {
"name": "Open Source OPNsense \u003c22.1.4",
"product_id": "T022958"
}
},
{
"category": "product_version",
"name": "22.1.4",
"product": {
"name": "Open Source OPNsense 22.1.4",
"product_id": "T022958-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:opnsense:opnsense:22.1.4"
}
}
}
],
"category": "product_name",
"name": "OPNsense"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.0.2zd",
"product": {
"name": "Open Source OpenSSL \u003c1.0.2zd",
"product_id": "T022343"
}
},
{
"category": "product_version",
"name": "1.0.2zd",
"product": {
"name": "Open Source OpenSSL 1.0.2zd",
"product_id": "T022343-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:openssl:openssl:1.0.2zd"
}
}
},
{
"category": "product_version_range",
"name": "\u003c1.1.1n",
"product": {
"name": "Open Source OpenSSL \u003c1.1.1n",
"product_id": "T022344"
}
},
{
"category": "product_version",
"name": "1.1.1n",
"product": {
"name": "Open Source OpenSSL 1.1.1n",
"product_id": "T022344-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:openssl:openssl:1.1.1n"
}
}
},
{
"category": "product_version_range",
"name": "\u003c3.0.2",
"product": {
"name": "Open Source OpenSSL \u003c3.0.2",
"product_id": "T022345"
}
},
{
"category": "product_version",
"name": "3.0.2",
"product": {
"name": "Open Source OpenSSL 3.0.2",
"product_id": "T022345-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:openssl:openssl:3.0.2"
}
}
}
],
"category": "product_name",
"name": "OpenSSL"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "3",
"product": {
"name": "Oracle VM 3",
"product_id": "T019617",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:vm:3"
}
}
}
],
"category": "product_name",
"name": "VM"
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Palo Alto Networks PAN-OS",
"product": {
"name": "Palo Alto Networks PAN-OS",
"product_id": "T016533",
"product_identification_helper": {
"cpe": "cpe:/o:paloaltonetworks:pan-os:-"
}
}
}
],
"category": "vendor",
"name": "Palo Alto Networks"
},
{
"branches": [
{
"category": "product_name",
"name": "Pulse Secure Pulse Connect Secure",
"product": {
"name": "Pulse Secure Pulse Connect Secure",
"product_id": "333006",
"product_identification_helper": {
"cpe": "cpe:/a:pulsesecure:pulse_connect_secure:8.0"
}
}
}
],
"category": "vendor",
"name": "Pulse Secure"
},
{
"branches": [
{
"category": "product_name",
"name": "QNAP NAS",
"product": {
"name": "QNAP NAS",
"product_id": "T017100",
"product_identification_helper": {
"cpe": "cpe:/h:qnap:nas:-"
}
}
}
],
"category": "vendor",
"name": "QNAP"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Siemens SIMATIC S7",
"product": {
"name": "Siemens SIMATIC S7",
"product_id": "T020086",
"product_identification_helper": {
"cpe": "cpe:/h:siemens:simatic_s7:-"
}
}
},
{
"category": "product_name",
"name": "Siemens SIMATIC WinCC",
"product": {
"name": "Siemens SIMATIC WinCC",
"product_id": "909207",
"product_identification_helper": {
"cpe": "cpe:/a:siemens:simatic_wincc:-"
}
}
}
],
"category": "vendor",
"name": "Siemens"
},
{
"branches": [
{
"category": "product_name",
"name": "SolarWinds Orion",
"product": {
"name": "SolarWinds Orion",
"product_id": "T024734",
"product_identification_helper": {
"cpe": "cpe:/a:solarwinds:orion_core_services:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2024.2",
"product": {
"name": "SolarWinds Platform \u003c2024.2",
"product_id": "T035149"
}
},
{
"category": "product_version",
"name": "2024.2",
"product": {
"name": "SolarWinds Platform 2024.2",
"product_id": "T035149-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:solarwinds:orion_platform:2024.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c2025.4",
"product": {
"name": "SolarWinds Platform \u003c2025.4",
"product_id": "T047827"
}
},
{
"category": "product_version",
"name": "2025.4",
"product": {
"name": "SolarWinds Platform 2025.4",
"product_id": "T047827-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:solarwinds:orion_platform:2025.4"
}
}
}
],
"category": "product_name",
"name": "Platform"
}
],
"category": "vendor",
"name": "SolarWinds"
},
{
"branches": [
{
"category": "product_name",
"name": "SonicWall SonicOS",
"product": {
"name": "SonicWall SonicOS",
"product_id": "885060",
"product_identification_helper": {
"cpe": "cpe:/o:sonicwall:sonicos:-"
}
}
}
],
"category": "vendor",
"name": "SonicWall"
},
{
"branches": [
{
"category": "product_name",
"name": "Synology DiskStation Manager",
"product": {
"name": "Synology DiskStation Manager",
"product_id": "450918",
"product_identification_helper": {
"cpe": "cpe:/a:synology:diskstation_manager:-"
}
}
}
],
"category": "vendor",
"name": "Synology"
},
{
"branches": [
{
"category": "product_name",
"name": "Tenable Security Nessus",
"product": {
"name": "Tenable Security Nessus",
"product_id": "999278",
"product_identification_helper": {
"cpe": "cpe:/a:tenable:nessus:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.0.1",
"product": {
"name": "Tenable Security Nessus Network Monitor \u003c6.0.1",
"product_id": "T023141"
}
},
{
"category": "product_version",
"name": "6.0.1",
"product": {
"name": "Tenable Security Nessus Network Monitor 6.0.1",
"product_id": "T023141-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:tenable:nessus_network_monitor:6.0.1"
}
}
}
],
"category": "product_name",
"name": "Nessus Network Monitor"
}
],
"category": "vendor",
"name": "Tenable Security"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "883326",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
},
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "product_name",
"name": "Linux"
}
],
"category": "vendor",
"name": "Ubuntu"
},
{
"branches": [
{
"category": "product_name",
"name": "Unify OpenScape 4000",
"product": {
"name": "Unify OpenScape 4000",
"product_id": "T018011",
"product_identification_helper": {
"cpe": "cpe:/h:unify:openscape_4000:-"
}
}
},
{
"category": "product_name",
"name": "Unify OpenScape Accouting",
"product": {
"name": "Unify OpenScape Accouting",
"product_id": "T023857",
"product_identification_helper": {
"cpe": "cpe:/a:unify:openscape_accounting:-"
}
}
},
{
"category": "product_name",
"name": "Unify OpenScape Branch",
"product": {
"name": "Unify OpenScape Branch",
"product_id": "T018258",
"product_identification_helper": {
"cpe": "cpe:/h:unify:openscape_branch:-"
}
}
},
{
"category": "product_name",
"name": "Unify OpenScape Business",
"product": {
"name": "Unify OpenScape Business",
"product_id": "T018012",
"product_identification_helper": {
"cpe": "cpe:/a:unify:openscape_business:-"
}
}
},
{
"category": "product_name",
"name": "Unify OpenScape Concierge",
"product": {
"name": "Unify OpenScape Concierge",
"product_id": "T023859",
"product_identification_helper": {
"cpe": "cpe:/a:unify:openscape_concierge:-"
}
}
},
{
"category": "product_name",
"name": "Unify OpenScape Contact Center",
"product": {
"name": "Unify OpenScape Contact Center",
"product_id": "T008876",
"product_identification_helper": {
"cpe": "cpe:/a:unify:openscape_contact_center:-"
}
}
},
{
"category": "product_name",
"name": "Unify OpenScape Cordless IP",
"product": {
"name": "Unify OpenScape Cordless IP",
"product_id": "T018016",
"product_identification_helper": {
"cpe": "cpe:/a:unify:openscape_cordless_ip:-"
}
}
},
{
"category": "product_name",
"name": "Unify OpenScape Desk Phone",
"product": {
"name": "Unify OpenScape Desk Phone",
"product_id": "T018015",
"product_identification_helper": {
"cpe": "cpe:/h:unify:openscape_deskphone:-"
}
}
},
{
"category": "product_name",
"name": "Unify OpenScape Mediaserver",
"product": {
"name": "Unify OpenScape Mediaserver",
"product_id": "T018253",
"product_identification_helper": {
"cpe": "cpe:/a:unify:openscape_mediaserver:-"
}
}
},
{
"category": "product_name",
"name": "Unify OpenScape SBC",
"product": {
"name": "Unify OpenScape SBC",
"product_id": "T008874",
"product_identification_helper": {
"cpe": "cpe:/a:unify:openscape_sbc:-"
}
}
},
{
"category": "product_name",
"name": "Unify OpenScape Voice",
"product": {
"name": "Unify OpenScape Voice",
"product_id": "T008873",
"product_identification_helper": {
"cpe": "cpe:/a:unify:openscape_voice:-"
}
}
},
{
"category": "product_name",
"name": "Unify OpenScape WLAN Phone",
"product": {
"name": "Unify OpenScape WLAN Phone",
"product_id": "T023862",
"product_identification_helper": {
"cpe": "cpe:/h:unify:openscape_wlan_phone:-"
}
}
},
{
"category": "product_name",
"name": "Unify OpenScape Xpert",
"product": {
"name": "Unify OpenScape Xpert",
"product_id": "T018014",
"product_identification_helper": {
"cpe": "cpe:/h:unify:openscape_xpert:-"
}
}
},
{
"category": "product_name",
"name": "Unify OpenScape Xpressions",
"product": {
"name": "Unify OpenScape Xpressions",
"product_id": "T023863",
"product_identification_helper": {
"cpe": "cpe:/a:unify:openscape_xpressions:-"
}
}
},
{
"category": "product_name",
"name": "Unify SESAP",
"product": {
"name": "Unify SESAP",
"product_id": "T023861",
"product_identification_helper": {
"cpe": "cpe:/a:unify:sesap:-"
}
}
}
],
"category": "vendor",
"name": "Unify"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c12.8 Update 1",
"product": {
"name": "WatchGuard Firebox \u003c12.8 Update 1",
"product_id": "T010780"
}
},
{
"category": "product_version",
"name": "12.8 Update 1",
"product": {
"name": "WatchGuard Firebox 12.8 Update 1",
"product_id": "T010780-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:watchguard:firebox:12.0"
}
}
}
],
"category": "product_name",
"name": "Firebox"
}
],
"category": "vendor",
"name": "WatchGuard"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9.0p24",
"product": {
"name": "genua genugate \u003c9.0p24",
"product_id": "T022549"
}
},
{
"category": "product_version",
"name": "9.0p24",
"product": {
"name": "genua genugate 9.0p24",
"product_id": "T022549-fixed",
"product_identification_helper": {
"cpe": "cpe:/h:genua:genugate:9.0p24"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.0p7",
"product": {
"name": "genua genugate \u003c10.0p7",
"product_id": "T022550"
}
},
{
"category": "product_version",
"name": "10.0p7",
"product": {
"name": "genua genugate 10.0p7",
"product_id": "T022550-fixed",
"product_identification_helper": {
"cpe": "cpe:/h:genua:genugate:10.0p7"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.3p3",
"product": {
"name": "genua genugate \u003c10.3p3",
"product_id": "T022551"
}
},
{
"category": "product_version",
"name": "10.3p3",
"product": {
"name": "genua genugate 10.3p3",
"product_id": "T022551-fixed",
"product_identification_helper": {
"cpe": "cpe:/h:genua:genugate:10.3p3"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.2p6",
"product": {
"name": "genua genugate \u003c10.2p6",
"product_id": "T022552"
}
},
{
"category": "product_version",
"name": "10.2p6",
"product": {
"name": "genua genugate 10.2p6",
"product_id": "T022552-fixed",
"product_identification_helper": {
"cpe": "cpe:/h:genua:genugate:10.2p6"
}
}
}
],
"category": "product_name",
"name": "genugate"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c8.0p3",
"product": {
"name": "genua genuscreen \u003c8.0p3",
"product_id": "T022547"
}
},
{
"category": "product_version",
"name": "8.0p3",
"product": {
"name": "genua genuscreen 8.0p3",
"product_id": "T022547-fixed",
"product_identification_helper": {
"cpe": "cpe:/h:genua:genuscreen:8.0p3"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.6p6",
"product": {
"name": "genua genuscreen \u003c7.6p6",
"product_id": "T022548"
}
},
{
"category": "product_version",
"name": "7.6p6",
"product": {
"name": "genua genuscreen 7.6p6",
"product_id": "T022548-fixed",
"product_identification_helper": {
"cpe": "cpe:/h:genua:genuscreen:7.6p6"
}
}
}
],
"category": "product_name",
"name": "genuscreen"
}
],
"category": "vendor",
"name": "genua"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2.2.0i1",
"product": {
"name": "Checkmk Checkmk \u003c2.2.0i1",
"product_id": "T022241"
}
},
{
"category": "product_version",
"name": "2.2.0i1",
"product": {
"name": "Checkmk Checkmk 2.2.0i1",
"product_id": "T022241-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:tribe29:checkmk:2.2.0i1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c2.1.0b3",
"product": {
"name": "Checkmk Checkmk \u003c2.1.0b3",
"product_id": "T022381"
}
},
{
"category": "product_version",
"name": "2.1.0b3",
"product": {
"name": "Checkmk Checkmk 2.1.0b3",
"product_id": "T022381-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:tribe29:checkmk:2.1.0b3"
}
}
}
],
"category": "product_name",
"name": "checkmk"
}
],
"category": "vendor",
"name": "tribe29"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-0778",
"product_status": {
"known_affected": [
"T008876",
"T008873",
"T003343",
"T008874",
"T031895",
"T015844",
"T030689",
"T016533",
"T013661",
"T022547",
"T022548",
"T022549",
"883326",
"5930",
"398363",
"T022381",
"T020086",
"885060",
"T005119",
"T010780",
"T012167",
"T032354",
"2951",
"T020536",
"T023403",
"T024734",
"T025664",
"T022550",
"T027844",
"T022551",
"920206",
"T022552",
"T009310",
"1002224",
"T011540",
"450918",
"T022518",
"T022519",
"T022525",
"T023857",
"T023859",
"T047827",
"T022524",
"999278",
"T022241",
"T009615",
"T016786",
"333006",
"T017100",
"4918",
"909207",
"T023863",
"T017865",
"T000126",
"T023861",
"T023862",
"T015127",
"T021926",
"T015126",
"T004914",
"T003827",
"T022349",
"T018886",
"950",
"T022345",
"T019617",
"T022343",
"T022344",
"T015519",
"T015518",
"T035149",
"T015516",
"7654",
"T032273",
"T012640",
"T018011",
"T018253",
"T018012",
"T017562",
"T017684",
"T018014",
"T018015",
"T018016",
"T018258",
"T022516",
"T022517",
"T002207",
"444803",
"T022350",
"T022351",
"T014339",
"67646",
"4035",
"T022958",
"T020304",
"T001663",
"T024588",
"T024587",
"T025159",
"T047104",
"5094",
"1727",
"T023141"
]
},
"release_date": "2022-03-15T23:00:00.000+00:00",
"title": "CVE-2022-0778"
}
]
}
WID-SEC-W-2022-0169
Vulnerability from csaf_certbund - Published: 2022-04-19 22:00 - Updated: 2024-05-28 22:00Summary
Oracle MySQL: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: MySQL ist ein Open Source Datenbankserver von Oracle.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle MySQL ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme: - Linux
- MacOS X
- NetApp Appliance
- UNIX
- Windows
In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <22.2R1
Juniper / Junos Space
|
<22.2R1 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Red Hat OpenShift
Red Hat
|
cpe:/a:redhat:openshift:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=5.7.37
Oracle / MySQL
|
<=5.7.37 | ||
|
Oracle MySQL <=7.4.35
Oracle / MySQL
|
<=7.4.35 | ||
|
Oracle MySQL <=7.5.25
Oracle / MySQL
|
<=7.5.25 | ||
|
Oracle MySQL <=7.6.21
Oracle / MySQL
|
<=7.6.21 | ||
|
Oracle MySQL <=8.0.29
Oracle / MySQL
|
<=8.0.29 | ||
|
Oracle MySQL <=8.0.28
Oracle / MySQL
|
<=8.0.28 |
In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <22.2R1
Juniper / Junos Space
|
<22.2R1 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Red Hat OpenShift
Red Hat
|
cpe:/a:redhat:openshift:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=5.7.37
Oracle / MySQL
|
<=5.7.37 | ||
|
Oracle MySQL <=7.4.35
Oracle / MySQL
|
<=7.4.35 | ||
|
Oracle MySQL <=7.5.25
Oracle / MySQL
|
<=7.5.25 | ||
|
Oracle MySQL <=7.6.21
Oracle / MySQL
|
<=7.6.21 | ||
|
Oracle MySQL <=8.0.29
Oracle / MySQL
|
<=8.0.29 | ||
|
Oracle MySQL <=8.0.28
Oracle / MySQL
|
<=8.0.28 |
In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <22.2R1
Juniper / Junos Space
|
<22.2R1 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Red Hat OpenShift
Red Hat
|
cpe:/a:redhat:openshift:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=5.7.37
Oracle / MySQL
|
<=5.7.37 | ||
|
Oracle MySQL <=7.4.35
Oracle / MySQL
|
<=7.4.35 | ||
|
Oracle MySQL <=7.5.25
Oracle / MySQL
|
<=7.5.25 | ||
|
Oracle MySQL <=7.6.21
Oracle / MySQL
|
<=7.6.21 | ||
|
Oracle MySQL <=8.0.29
Oracle / MySQL
|
<=8.0.29 | ||
|
Oracle MySQL <=8.0.28
Oracle / MySQL
|
<=8.0.28 |
In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <22.2R1
Juniper / Junos Space
|
<22.2R1 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Red Hat OpenShift
Red Hat
|
cpe:/a:redhat:openshift:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=5.7.37
Oracle / MySQL
|
<=5.7.37 | ||
|
Oracle MySQL <=7.4.35
Oracle / MySQL
|
<=7.4.35 | ||
|
Oracle MySQL <=7.5.25
Oracle / MySQL
|
<=7.5.25 | ||
|
Oracle MySQL <=7.6.21
Oracle / MySQL
|
<=7.6.21 | ||
|
Oracle MySQL <=8.0.29
Oracle / MySQL
|
<=8.0.29 | ||
|
Oracle MySQL <=8.0.28
Oracle / MySQL
|
<=8.0.28 |
In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <22.2R1
Juniper / Junos Space
|
<22.2R1 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Red Hat OpenShift
Red Hat
|
cpe:/a:redhat:openshift:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=5.7.37
Oracle / MySQL
|
<=5.7.37 | ||
|
Oracle MySQL <=7.4.35
Oracle / MySQL
|
<=7.4.35 | ||
|
Oracle MySQL <=7.5.25
Oracle / MySQL
|
<=7.5.25 | ||
|
Oracle MySQL <=7.6.21
Oracle / MySQL
|
<=7.6.21 | ||
|
Oracle MySQL <=8.0.29
Oracle / MySQL
|
<=8.0.29 | ||
|
Oracle MySQL <=8.0.28
Oracle / MySQL
|
<=8.0.28 |
In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <22.2R1
Juniper / Junos Space
|
<22.2R1 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Red Hat OpenShift
Red Hat
|
cpe:/a:redhat:openshift:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=5.7.37
Oracle / MySQL
|
<=5.7.37 | ||
|
Oracle MySQL <=7.4.35
Oracle / MySQL
|
<=7.4.35 | ||
|
Oracle MySQL <=7.5.25
Oracle / MySQL
|
<=7.5.25 | ||
|
Oracle MySQL <=7.6.21
Oracle / MySQL
|
<=7.6.21 | ||
|
Oracle MySQL <=8.0.29
Oracle / MySQL
|
<=8.0.29 | ||
|
Oracle MySQL <=8.0.28
Oracle / MySQL
|
<=8.0.28 |
In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <22.2R1
Juniper / Junos Space
|
<22.2R1 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Red Hat OpenShift
Red Hat
|
cpe:/a:redhat:openshift:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=5.7.37
Oracle / MySQL
|
<=5.7.37 | ||
|
Oracle MySQL <=7.4.35
Oracle / MySQL
|
<=7.4.35 | ||
|
Oracle MySQL <=7.5.25
Oracle / MySQL
|
<=7.5.25 | ||
|
Oracle MySQL <=7.6.21
Oracle / MySQL
|
<=7.6.21 | ||
|
Oracle MySQL <=8.0.29
Oracle / MySQL
|
<=8.0.29 | ||
|
Oracle MySQL <=8.0.28
Oracle / MySQL
|
<=8.0.28 |
In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <22.2R1
Juniper / Junos Space
|
<22.2R1 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Red Hat OpenShift
Red Hat
|
cpe:/a:redhat:openshift:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=5.7.37
Oracle / MySQL
|
<=5.7.37 | ||
|
Oracle MySQL <=7.4.35
Oracle / MySQL
|
<=7.4.35 | ||
|
Oracle MySQL <=7.5.25
Oracle / MySQL
|
<=7.5.25 | ||
|
Oracle MySQL <=7.6.21
Oracle / MySQL
|
<=7.6.21 | ||
|
Oracle MySQL <=8.0.29
Oracle / MySQL
|
<=8.0.29 | ||
|
Oracle MySQL <=8.0.28
Oracle / MySQL
|
<=8.0.28 |
In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <22.2R1
Juniper / Junos Space
|
<22.2R1 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Red Hat OpenShift
Red Hat
|
cpe:/a:redhat:openshift:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=5.7.37
Oracle / MySQL
|
<=5.7.37 | ||
|
Oracle MySQL <=7.4.35
Oracle / MySQL
|
<=7.4.35 | ||
|
Oracle MySQL <=7.5.25
Oracle / MySQL
|
<=7.5.25 | ||
|
Oracle MySQL <=7.6.21
Oracle / MySQL
|
<=7.6.21 | ||
|
Oracle MySQL <=8.0.29
Oracle / MySQL
|
<=8.0.29 | ||
|
Oracle MySQL <=8.0.28
Oracle / MySQL
|
<=8.0.28 |
In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <22.2R1
Juniper / Junos Space
|
<22.2R1 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Red Hat OpenShift
Red Hat
|
cpe:/a:redhat:openshift:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=5.7.37
Oracle / MySQL
|
<=5.7.37 | ||
|
Oracle MySQL <=7.4.35
Oracle / MySQL
|
<=7.4.35 | ||
|
Oracle MySQL <=7.5.25
Oracle / MySQL
|
<=7.5.25 | ||
|
Oracle MySQL <=7.6.21
Oracle / MySQL
|
<=7.6.21 | ||
|
Oracle MySQL <=8.0.29
Oracle / MySQL
|
<=8.0.29 | ||
|
Oracle MySQL <=8.0.28
Oracle / MySQL
|
<=8.0.28 |
In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <22.2R1
Juniper / Junos Space
|
<22.2R1 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Red Hat OpenShift
Red Hat
|
cpe:/a:redhat:openshift:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=5.7.37
Oracle / MySQL
|
<=5.7.37 | ||
|
Oracle MySQL <=7.4.35
Oracle / MySQL
|
<=7.4.35 | ||
|
Oracle MySQL <=7.5.25
Oracle / MySQL
|
<=7.5.25 | ||
|
Oracle MySQL <=7.6.21
Oracle / MySQL
|
<=7.6.21 | ||
|
Oracle MySQL <=8.0.29
Oracle / MySQL
|
<=8.0.29 | ||
|
Oracle MySQL <=8.0.28
Oracle / MySQL
|
<=8.0.28 |
In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <22.2R1
Juniper / Junos Space
|
<22.2R1 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Red Hat OpenShift
Red Hat
|
cpe:/a:redhat:openshift:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=5.7.37
Oracle / MySQL
|
<=5.7.37 | ||
|
Oracle MySQL <=7.4.35
Oracle / MySQL
|
<=7.4.35 | ||
|
Oracle MySQL <=7.5.25
Oracle / MySQL
|
<=7.5.25 | ||
|
Oracle MySQL <=7.6.21
Oracle / MySQL
|
<=7.6.21 | ||
|
Oracle MySQL <=8.0.29
Oracle / MySQL
|
<=8.0.29 | ||
|
Oracle MySQL <=8.0.28
Oracle / MySQL
|
<=8.0.28 |
In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <22.2R1
Juniper / Junos Space
|
<22.2R1 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Red Hat OpenShift
Red Hat
|
cpe:/a:redhat:openshift:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=5.7.37
Oracle / MySQL
|
<=5.7.37 | ||
|
Oracle MySQL <=7.4.35
Oracle / MySQL
|
<=7.4.35 | ||
|
Oracle MySQL <=7.5.25
Oracle / MySQL
|
<=7.5.25 | ||
|
Oracle MySQL <=7.6.21
Oracle / MySQL
|
<=7.6.21 | ||
|
Oracle MySQL <=8.0.29
Oracle / MySQL
|
<=8.0.29 | ||
|
Oracle MySQL <=8.0.28
Oracle / MySQL
|
<=8.0.28 |
In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <22.2R1
Juniper / Junos Space
|
<22.2R1 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Red Hat OpenShift
Red Hat
|
cpe:/a:redhat:openshift:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=5.7.37
Oracle / MySQL
|
<=5.7.37 | ||
|
Oracle MySQL <=7.4.35
Oracle / MySQL
|
<=7.4.35 | ||
|
Oracle MySQL <=7.5.25
Oracle / MySQL
|
<=7.5.25 | ||
|
Oracle MySQL <=7.6.21
Oracle / MySQL
|
<=7.6.21 | ||
|
Oracle MySQL <=8.0.29
Oracle / MySQL
|
<=8.0.29 | ||
|
Oracle MySQL <=8.0.28
Oracle / MySQL
|
<=8.0.28 |
In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <22.2R1
Juniper / Junos Space
|
<22.2R1 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Red Hat OpenShift
Red Hat
|
cpe:/a:redhat:openshift:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=5.7.37
Oracle / MySQL
|
<=5.7.37 | ||
|
Oracle MySQL <=7.4.35
Oracle / MySQL
|
<=7.4.35 | ||
|
Oracle MySQL <=7.5.25
Oracle / MySQL
|
<=7.5.25 | ||
|
Oracle MySQL <=7.6.21
Oracle / MySQL
|
<=7.6.21 | ||
|
Oracle MySQL <=8.0.29
Oracle / MySQL
|
<=8.0.29 | ||
|
Oracle MySQL <=8.0.28
Oracle / MySQL
|
<=8.0.28 |
In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <22.2R1
Juniper / Junos Space
|
<22.2R1 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Red Hat OpenShift
Red Hat
|
cpe:/a:redhat:openshift:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=5.7.37
Oracle / MySQL
|
<=5.7.37 | ||
|
Oracle MySQL <=7.4.35
Oracle / MySQL
|
<=7.4.35 | ||
|
Oracle MySQL <=7.5.25
Oracle / MySQL
|
<=7.5.25 | ||
|
Oracle MySQL <=7.6.21
Oracle / MySQL
|
<=7.6.21 | ||
|
Oracle MySQL <=8.0.29
Oracle / MySQL
|
<=8.0.29 | ||
|
Oracle MySQL <=8.0.28
Oracle / MySQL
|
<=8.0.28 |
In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <22.2R1
Juniper / Junos Space
|
<22.2R1 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Red Hat OpenShift
Red Hat
|
cpe:/a:redhat:openshift:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=5.7.37
Oracle / MySQL
|
<=5.7.37 | ||
|
Oracle MySQL <=7.4.35
Oracle / MySQL
|
<=7.4.35 | ||
|
Oracle MySQL <=7.5.25
Oracle / MySQL
|
<=7.5.25 | ||
|
Oracle MySQL <=7.6.21
Oracle / MySQL
|
<=7.6.21 | ||
|
Oracle MySQL <=8.0.29
Oracle / MySQL
|
<=8.0.29 | ||
|
Oracle MySQL <=8.0.28
Oracle / MySQL
|
<=8.0.28 |
In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <22.2R1
Juniper / Junos Space
|
<22.2R1 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Red Hat OpenShift
Red Hat
|
cpe:/a:redhat:openshift:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=5.7.37
Oracle / MySQL
|
<=5.7.37 | ||
|
Oracle MySQL <=7.4.35
Oracle / MySQL
|
<=7.4.35 | ||
|
Oracle MySQL <=7.5.25
Oracle / MySQL
|
<=7.5.25 | ||
|
Oracle MySQL <=7.6.21
Oracle / MySQL
|
<=7.6.21 | ||
|
Oracle MySQL <=8.0.29
Oracle / MySQL
|
<=8.0.29 | ||
|
Oracle MySQL <=8.0.28
Oracle / MySQL
|
<=8.0.28 |
In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <22.2R1
Juniper / Junos Space
|
<22.2R1 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Red Hat OpenShift
Red Hat
|
cpe:/a:redhat:openshift:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=5.7.37
Oracle / MySQL
|
<=5.7.37 | ||
|
Oracle MySQL <=7.4.35
Oracle / MySQL
|
<=7.4.35 | ||
|
Oracle MySQL <=7.5.25
Oracle / MySQL
|
<=7.5.25 | ||
|
Oracle MySQL <=7.6.21
Oracle / MySQL
|
<=7.6.21 | ||
|
Oracle MySQL <=8.0.29
Oracle / MySQL
|
<=8.0.29 | ||
|
Oracle MySQL <=8.0.28
Oracle / MySQL
|
<=8.0.28 |
In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <22.2R1
Juniper / Junos Space
|
<22.2R1 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Red Hat OpenShift
Red Hat
|
cpe:/a:redhat:openshift:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=5.7.37
Oracle / MySQL
|
<=5.7.37 | ||
|
Oracle MySQL <=7.4.35
Oracle / MySQL
|
<=7.4.35 | ||
|
Oracle MySQL <=7.5.25
Oracle / MySQL
|
<=7.5.25 | ||
|
Oracle MySQL <=7.6.21
Oracle / MySQL
|
<=7.6.21 | ||
|
Oracle MySQL <=8.0.29
Oracle / MySQL
|
<=8.0.29 | ||
|
Oracle MySQL <=8.0.28
Oracle / MySQL
|
<=8.0.28 |
In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <22.2R1
Juniper / Junos Space
|
<22.2R1 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Red Hat OpenShift
Red Hat
|
cpe:/a:redhat:openshift:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=5.7.37
Oracle / MySQL
|
<=5.7.37 | ||
|
Oracle MySQL <=7.4.35
Oracle / MySQL
|
<=7.4.35 | ||
|
Oracle MySQL <=7.5.25
Oracle / MySQL
|
<=7.5.25 | ||
|
Oracle MySQL <=7.6.21
Oracle / MySQL
|
<=7.6.21 | ||
|
Oracle MySQL <=8.0.29
Oracle / MySQL
|
<=8.0.29 | ||
|
Oracle MySQL <=8.0.28
Oracle / MySQL
|
<=8.0.28 |
In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <22.2R1
Juniper / Junos Space
|
<22.2R1 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Red Hat OpenShift
Red Hat
|
cpe:/a:redhat:openshift:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=5.7.37
Oracle / MySQL
|
<=5.7.37 | ||
|
Oracle MySQL <=7.4.35
Oracle / MySQL
|
<=7.4.35 | ||
|
Oracle MySQL <=7.5.25
Oracle / MySQL
|
<=7.5.25 | ||
|
Oracle MySQL <=7.6.21
Oracle / MySQL
|
<=7.6.21 | ||
|
Oracle MySQL <=8.0.29
Oracle / MySQL
|
<=8.0.29 | ||
|
Oracle MySQL <=8.0.28
Oracle / MySQL
|
<=8.0.28 |
In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <22.2R1
Juniper / Junos Space
|
<22.2R1 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Red Hat OpenShift
Red Hat
|
cpe:/a:redhat:openshift:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=5.7.37
Oracle / MySQL
|
<=5.7.37 | ||
|
Oracle MySQL <=7.4.35
Oracle / MySQL
|
<=7.4.35 | ||
|
Oracle MySQL <=7.5.25
Oracle / MySQL
|
<=7.5.25 | ||
|
Oracle MySQL <=7.6.21
Oracle / MySQL
|
<=7.6.21 | ||
|
Oracle MySQL <=8.0.29
Oracle / MySQL
|
<=8.0.29 | ||
|
Oracle MySQL <=8.0.28
Oracle / MySQL
|
<=8.0.28 |
In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <22.2R1
Juniper / Junos Space
|
<22.2R1 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Red Hat OpenShift
Red Hat
|
cpe:/a:redhat:openshift:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=5.7.37
Oracle / MySQL
|
<=5.7.37 | ||
|
Oracle MySQL <=7.4.35
Oracle / MySQL
|
<=7.4.35 | ||
|
Oracle MySQL <=7.5.25
Oracle / MySQL
|
<=7.5.25 | ||
|
Oracle MySQL <=7.6.21
Oracle / MySQL
|
<=7.6.21 | ||
|
Oracle MySQL <=8.0.29
Oracle / MySQL
|
<=8.0.29 | ||
|
Oracle MySQL <=8.0.28
Oracle / MySQL
|
<=8.0.28 |
In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <22.2R1
Juniper / Junos Space
|
<22.2R1 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Red Hat OpenShift
Red Hat
|
cpe:/a:redhat:openshift:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=5.7.37
Oracle / MySQL
|
<=5.7.37 | ||
|
Oracle MySQL <=7.4.35
Oracle / MySQL
|
<=7.4.35 | ||
|
Oracle MySQL <=7.5.25
Oracle / MySQL
|
<=7.5.25 | ||
|
Oracle MySQL <=7.6.21
Oracle / MySQL
|
<=7.6.21 | ||
|
Oracle MySQL <=8.0.29
Oracle / MySQL
|
<=8.0.29 | ||
|
Oracle MySQL <=8.0.28
Oracle / MySQL
|
<=8.0.28 |
In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <22.2R1
Juniper / Junos Space
|
<22.2R1 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Red Hat OpenShift
Red Hat
|
cpe:/a:redhat:openshift:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=5.7.37
Oracle / MySQL
|
<=5.7.37 | ||
|
Oracle MySQL <=7.4.35
Oracle / MySQL
|
<=7.4.35 | ||
|
Oracle MySQL <=7.5.25
Oracle / MySQL
|
<=7.5.25 | ||
|
Oracle MySQL <=7.6.21
Oracle / MySQL
|
<=7.6.21 | ||
|
Oracle MySQL <=8.0.29
Oracle / MySQL
|
<=8.0.29 | ||
|
Oracle MySQL <=8.0.28
Oracle / MySQL
|
<=8.0.28 |
In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <22.2R1
Juniper / Junos Space
|
<22.2R1 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Red Hat OpenShift
Red Hat
|
cpe:/a:redhat:openshift:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=5.7.37
Oracle / MySQL
|
<=5.7.37 | ||
|
Oracle MySQL <=7.4.35
Oracle / MySQL
|
<=7.4.35 | ||
|
Oracle MySQL <=7.5.25
Oracle / MySQL
|
<=7.5.25 | ||
|
Oracle MySQL <=7.6.21
Oracle / MySQL
|
<=7.6.21 | ||
|
Oracle MySQL <=8.0.29
Oracle / MySQL
|
<=8.0.29 | ||
|
Oracle MySQL <=8.0.28
Oracle / MySQL
|
<=8.0.28 |
In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <22.2R1
Juniper / Junos Space
|
<22.2R1 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Red Hat OpenShift
Red Hat
|
cpe:/a:redhat:openshift:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=5.7.37
Oracle / MySQL
|
<=5.7.37 | ||
|
Oracle MySQL <=7.4.35
Oracle / MySQL
|
<=7.4.35 | ||
|
Oracle MySQL <=7.5.25
Oracle / MySQL
|
<=7.5.25 | ||
|
Oracle MySQL <=7.6.21
Oracle / MySQL
|
<=7.6.21 | ||
|
Oracle MySQL <=8.0.29
Oracle / MySQL
|
<=8.0.29 | ||
|
Oracle MySQL <=8.0.28
Oracle / MySQL
|
<=8.0.28 |
In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <22.2R1
Juniper / Junos Space
|
<22.2R1 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Red Hat OpenShift
Red Hat
|
cpe:/a:redhat:openshift:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=5.7.37
Oracle / MySQL
|
<=5.7.37 | ||
|
Oracle MySQL <=7.4.35
Oracle / MySQL
|
<=7.4.35 | ||
|
Oracle MySQL <=7.5.25
Oracle / MySQL
|
<=7.5.25 | ||
|
Oracle MySQL <=7.6.21
Oracle / MySQL
|
<=7.6.21 | ||
|
Oracle MySQL <=8.0.29
Oracle / MySQL
|
<=8.0.29 | ||
|
Oracle MySQL <=8.0.28
Oracle / MySQL
|
<=8.0.28 |
In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <22.2R1
Juniper / Junos Space
|
<22.2R1 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Red Hat OpenShift
Red Hat
|
cpe:/a:redhat:openshift:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=5.7.37
Oracle / MySQL
|
<=5.7.37 | ||
|
Oracle MySQL <=7.4.35
Oracle / MySQL
|
<=7.4.35 | ||
|
Oracle MySQL <=7.5.25
Oracle / MySQL
|
<=7.5.25 | ||
|
Oracle MySQL <=7.6.21
Oracle / MySQL
|
<=7.6.21 | ||
|
Oracle MySQL <=8.0.29
Oracle / MySQL
|
<=8.0.29 | ||
|
Oracle MySQL <=8.0.28
Oracle / MySQL
|
<=8.0.28 |
In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <22.2R1
Juniper / Junos Space
|
<22.2R1 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Red Hat OpenShift
Red Hat
|
cpe:/a:redhat:openshift:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=5.7.37
Oracle / MySQL
|
<=5.7.37 | ||
|
Oracle MySQL <=7.4.35
Oracle / MySQL
|
<=7.4.35 | ||
|
Oracle MySQL <=7.5.25
Oracle / MySQL
|
<=7.5.25 | ||
|
Oracle MySQL <=7.6.21
Oracle / MySQL
|
<=7.6.21 | ||
|
Oracle MySQL <=8.0.29
Oracle / MySQL
|
<=8.0.29 | ||
|
Oracle MySQL <=8.0.28
Oracle / MySQL
|
<=8.0.28 |
In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <22.2R1
Juniper / Junos Space
|
<22.2R1 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Red Hat OpenShift
Red Hat
|
cpe:/a:redhat:openshift:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=5.7.37
Oracle / MySQL
|
<=5.7.37 | ||
|
Oracle MySQL <=7.4.35
Oracle / MySQL
|
<=7.4.35 | ||
|
Oracle MySQL <=7.5.25
Oracle / MySQL
|
<=7.5.25 | ||
|
Oracle MySQL <=7.6.21
Oracle / MySQL
|
<=7.6.21 | ||
|
Oracle MySQL <=8.0.29
Oracle / MySQL
|
<=8.0.29 | ||
|
Oracle MySQL <=8.0.28
Oracle / MySQL
|
<=8.0.28 |
In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <22.2R1
Juniper / Junos Space
|
<22.2R1 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Red Hat OpenShift
Red Hat
|
cpe:/a:redhat:openshift:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=5.7.37
Oracle / MySQL
|
<=5.7.37 | ||
|
Oracle MySQL <=7.4.35
Oracle / MySQL
|
<=7.4.35 | ||
|
Oracle MySQL <=7.5.25
Oracle / MySQL
|
<=7.5.25 | ||
|
Oracle MySQL <=7.6.21
Oracle / MySQL
|
<=7.6.21 | ||
|
Oracle MySQL <=8.0.29
Oracle / MySQL
|
<=8.0.29 | ||
|
Oracle MySQL <=8.0.28
Oracle / MySQL
|
<=8.0.28 |
In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <22.2R1
Juniper / Junos Space
|
<22.2R1 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Red Hat OpenShift
Red Hat
|
cpe:/a:redhat:openshift:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=5.7.37
Oracle / MySQL
|
<=5.7.37 | ||
|
Oracle MySQL <=7.4.35
Oracle / MySQL
|
<=7.4.35 | ||
|
Oracle MySQL <=7.5.25
Oracle / MySQL
|
<=7.5.25 | ||
|
Oracle MySQL <=7.6.21
Oracle / MySQL
|
<=7.6.21 | ||
|
Oracle MySQL <=8.0.29
Oracle / MySQL
|
<=8.0.29 | ||
|
Oracle MySQL <=8.0.28
Oracle / MySQL
|
<=8.0.28 |
In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <22.2R1
Juniper / Junos Space
|
<22.2R1 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Red Hat OpenShift
Red Hat
|
cpe:/a:redhat:openshift:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=5.7.37
Oracle / MySQL
|
<=5.7.37 | ||
|
Oracle MySQL <=7.4.35
Oracle / MySQL
|
<=7.4.35 | ||
|
Oracle MySQL <=7.5.25
Oracle / MySQL
|
<=7.5.25 | ||
|
Oracle MySQL <=7.6.21
Oracle / MySQL
|
<=7.6.21 | ||
|
Oracle MySQL <=8.0.29
Oracle / MySQL
|
<=8.0.29 | ||
|
Oracle MySQL <=8.0.28
Oracle / MySQL
|
<=8.0.28 |
In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <22.2R1
Juniper / Junos Space
|
<22.2R1 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Red Hat OpenShift
Red Hat
|
cpe:/a:redhat:openshift:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=5.7.37
Oracle / MySQL
|
<=5.7.37 | ||
|
Oracle MySQL <=7.4.35
Oracle / MySQL
|
<=7.4.35 | ||
|
Oracle MySQL <=7.5.25
Oracle / MySQL
|
<=7.5.25 | ||
|
Oracle MySQL <=7.6.21
Oracle / MySQL
|
<=7.6.21 | ||
|
Oracle MySQL <=8.0.29
Oracle / MySQL
|
<=8.0.29 | ||
|
Oracle MySQL <=8.0.28
Oracle / MySQL
|
<=8.0.28 |
In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <22.2R1
Juniper / Junos Space
|
<22.2R1 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Red Hat OpenShift
Red Hat
|
cpe:/a:redhat:openshift:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=5.7.37
Oracle / MySQL
|
<=5.7.37 | ||
|
Oracle MySQL <=7.4.35
Oracle / MySQL
|
<=7.4.35 | ||
|
Oracle MySQL <=7.5.25
Oracle / MySQL
|
<=7.5.25 | ||
|
Oracle MySQL <=7.6.21
Oracle / MySQL
|
<=7.6.21 | ||
|
Oracle MySQL <=8.0.29
Oracle / MySQL
|
<=8.0.29 | ||
|
Oracle MySQL <=8.0.28
Oracle / MySQL
|
<=8.0.28 |
In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <22.2R1
Juniper / Junos Space
|
<22.2R1 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Red Hat OpenShift
Red Hat
|
cpe:/a:redhat:openshift:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=5.7.37
Oracle / MySQL
|
<=5.7.37 | ||
|
Oracle MySQL <=7.4.35
Oracle / MySQL
|
<=7.4.35 | ||
|
Oracle MySQL <=7.5.25
Oracle / MySQL
|
<=7.5.25 | ||
|
Oracle MySQL <=7.6.21
Oracle / MySQL
|
<=7.6.21 | ||
|
Oracle MySQL <=8.0.29
Oracle / MySQL
|
<=8.0.29 | ||
|
Oracle MySQL <=8.0.28
Oracle / MySQL
|
<=8.0.28 |
In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <22.2R1
Juniper / Junos Space
|
<22.2R1 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Red Hat OpenShift
Red Hat
|
cpe:/a:redhat:openshift:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=5.7.37
Oracle / MySQL
|
<=5.7.37 | ||
|
Oracle MySQL <=7.4.35
Oracle / MySQL
|
<=7.4.35 | ||
|
Oracle MySQL <=7.5.25
Oracle / MySQL
|
<=7.5.25 | ||
|
Oracle MySQL <=7.6.21
Oracle / MySQL
|
<=7.6.21 | ||
|
Oracle MySQL <=8.0.29
Oracle / MySQL
|
<=8.0.29 | ||
|
Oracle MySQL <=8.0.28
Oracle / MySQL
|
<=8.0.28 |
References
30 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "MySQL ist ein Open Source Datenbankserver von Oracle.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle MySQL ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- MacOS X\n- NetApp Appliance\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-0169 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0169.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-0169 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0169"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5490-1 vom 2022-06-21",
"url": "https://ubuntu.com/security/notices/USN-5490-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:2003-1 vom 2022-06-07",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-June/011247.html"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update April 2022 - Appendix Oracle MySQL vom 2022-04-19",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html#AppendixMSQL"
},
{
"category": "external",
"summary": "NetApp Security Advisory NTAP-20220429-0005 vom 2022-04-29",
"url": "https://security.netapp.com/advisory/ntap-20220429-0005/"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5400-1 vom 2022-05-03",
"url": "https://ubuntu.com/security/notices/USN-5400-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5400-2 vom 2022-05-04",
"url": "https://ubuntu.com/security/notices/USN-5400-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5400-3 vom 2022-05-05",
"url": "https://ubuntu.com/security/notices/USN-5400-3"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2022-098 vom 2022-07-21",
"url": "https://alas.aws.amazon.com/AL2022/ALAS-2022-098.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6306 vom 2022-09-01",
"url": "https://access.redhat.com/errata/RHSA-2022:6306"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6518 vom 2022-09-14",
"url": "https://access.redhat.com/errata/RHSA-2022:6518"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6590 vom 2022-09-21",
"url": "https://access.redhat.com/errata/RHSA-2022:6590"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-6590 vom 2022-09-22",
"url": "https://linux.oracle.com/errata/ELSA-2022-6590.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:1040-3 vom 2022-10-06",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-October/012505.html"
},
{
"category": "external",
"summary": "Juniper Security Bulletin",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-22-2R1-release"
},
{
"category": "external",
"summary": "Oracle Linux Bulletin-October 2022 vom 2022-10-18",
"url": "https://www.oracle.com/security-alerts/linuxbulletinoct2022.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7119 vom 2022-10-25",
"url": "https://access.redhat.com/errata/RHSA-2022:7119"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-7119 vom 2022-10-27",
"url": "https://linux.oracle.com/errata/ELSA-2022-7119.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2022-165 vom 2022-11-04",
"url": "https://alas.aws.amazon.com/AL2022/ALAS-2022-165.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7464 vom 2022-11-08",
"url": "https://access.redhat.com/errata/RHSA-2022:7464"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7970 vom 2022-11-15",
"url": "https://access.redhat.com/errata/RHSA-2022:7970"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-7970 vom 2022-11-22",
"url": "https://linux.oracle.com/errata/ELSA-2022-7970.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8860 vom 2022-12-08",
"url": "https://access.redhat.com/errata/RHSA-2022:8860"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8847 vom 2022-12-08",
"url": "https://access.redhat.com/errata/RHSA-2022:8847"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8893 vom 2022-12-15",
"url": "https://access.redhat.com/errata/RHSA-2022:8893"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2023-1931 vom 2023-02-06",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2023-1931.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2023-1676 vom 2023-02-06",
"url": "https://alas.aws.amazon.com/ALAS-2023-1676.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2023-1948 vom 2023-02-22",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2023-1948.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3433 vom 2024-05-28",
"url": "https://access.redhat.com/errata/RHSA-2024:3433"
}
],
"source_lang": "en-US",
"title": "Oracle MySQL: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-05-28T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:27:04.345+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2022-0169",
"initial_release_date": "2022-04-19T22:00:00.000+00:00",
"revision_history": [
{
"date": "2022-04-19T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2022-05-01T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von NetApp aufgenommen"
},
{
"date": "2022-05-03T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2022-05-04T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2022-05-05T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2022-06-07T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2022-06-21T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2022-07-20T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2022-09-01T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-09-14T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-09-20T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-09-21T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2022-10-06T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2022-10-12T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2022-10-18T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2022-10-25T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-10-26T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2022-11-06T23:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2022-11-08T23:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-11-15T23:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-11-21T23:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2022-12-07T23:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-12-15T23:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-02-06T23:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2023-02-22T23:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-05-28T22:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "26"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c22.2R1",
"product": {
"name": "Juniper Junos Space \u003c22.2R1",
"product_id": "T003343"
}
}
],
"category": "product_name",
"name": "Junos Space"
}
],
"category": "vendor",
"name": "Juniper"
},
{
"branches": [
{
"category": "product_name",
"name": "NetApp ActiveIQ Unified Manager",
"product": {
"name": "NetApp ActiveIQ Unified Manager",
"product_id": "T016960",
"product_identification_helper": {
"cpe": "cpe:/a:netapp:active_iq_unified_manager:-"
}
}
}
],
"category": "vendor",
"name": "NetApp"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=8.0.29",
"product": {
"name": "Oracle MySQL \u003c=8.0.29",
"product_id": "T022871"
}
},
{
"category": "product_version_range",
"name": "\u003c=8.0.28",
"product": {
"name": "Oracle MySQL \u003c=8.0.28",
"product_id": "T022872"
}
},
{
"category": "product_version_range",
"name": "\u003c=5.7.37",
"product": {
"name": "Oracle MySQL \u003c=5.7.37",
"product_id": "T022873"
}
},
{
"category": "product_version_range",
"name": "\u003c=7.4.35",
"product": {
"name": "Oracle MySQL \u003c=7.4.35",
"product_id": "T022874"
}
},
{
"category": "product_version_range",
"name": "\u003c=7.5.25",
"product": {
"name": "Oracle MySQL \u003c=7.5.25",
"product_id": "T022875"
}
},
{
"category": "product_version_range",
"name": "\u003c=7.6.21",
"product": {
"name": "Oracle MySQL \u003c=7.6.21",
"product_id": "T022876"
}
}
],
"category": "product_name",
"name": "MySQL"
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenShift",
"product": {
"name": "Red Hat OpenShift",
"product_id": "367115",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-22570",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2021-22570"
},
{
"cve": "CVE-2021-41184",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2021-41184"
},
{
"cve": "CVE-2021-42340",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2021-42340"
},
{
"cve": "CVE-2021-44832",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2021-44832"
},
{
"cve": "CVE-2022-0778",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-0778"
},
{
"cve": "CVE-2022-21412",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21412"
},
{
"cve": "CVE-2022-21413",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21413"
},
{
"cve": "CVE-2022-21414",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21414"
},
{
"cve": "CVE-2022-21415",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21415"
},
{
"cve": "CVE-2022-21417",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21417"
},
{
"cve": "CVE-2022-21418",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21418"
},
{
"cve": "CVE-2022-21423",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21423"
},
{
"cve": "CVE-2022-21425",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21425"
},
{
"cve": "CVE-2022-21427",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21427"
},
{
"cve": "CVE-2022-21435",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21435"
},
{
"cve": "CVE-2022-21436",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21436"
},
{
"cve": "CVE-2022-21437",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21437"
},
{
"cve": "CVE-2022-21438",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21438"
},
{
"cve": "CVE-2022-21440",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21440"
},
{
"cve": "CVE-2022-21444",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21444"
},
{
"cve": "CVE-2022-21451",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21451"
},
{
"cve": "CVE-2022-21452",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21452"
},
{
"cve": "CVE-2022-21454",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21454"
},
{
"cve": "CVE-2022-21457",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21457"
},
{
"cve": "CVE-2022-21459",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21459"
},
{
"cve": "CVE-2022-21460",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21460"
},
{
"cve": "CVE-2022-21462",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21462"
},
{
"cve": "CVE-2022-21478",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21478"
},
{
"cve": "CVE-2022-21479",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21479"
},
{
"cve": "CVE-2022-21482",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21482"
},
{
"cve": "CVE-2022-21483",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21483"
},
{
"cve": "CVE-2022-21484",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21484"
},
{
"cve": "CVE-2022-21485",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21485"
},
{
"cve": "CVE-2022-21486",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21486"
},
{
"cve": "CVE-2022-21489",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21489"
},
{
"cve": "CVE-2022-21490",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21490"
},
{
"cve": "CVE-2022-22965",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-22965"
},
{
"cve": "CVE-2022-23181",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-23181"
},
{
"cve": "CVE-2022-23305",
"notes": [
{
"category": "description",
"text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T003343",
"T002207",
"67646",
"T000126",
"367115",
"398363",
"T004914",
"T016960"
],
"last_affected": [
"T022873",
"T022874",
"T022875",
"T022876",
"T022871",
"T022872"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-23305"
}
]
}
WID-SEC-W-2022-0200
Vulnerability from csaf_certbund - Published: 2022-04-19 22:00 - Updated: 2025-02-18 23:00Summary
Oracle Java SE und OpenJDK: Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Die Java Platform, Standard Edition (SE) ist eine Sammlung von Java-APIs (JDK) und der Java Laufzeit Umgebung (JRE).
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Java SE und OpenJDK ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme: - Appliance
- Linux
- NetApp Appliance
- Sonstiges
- UNIX
- Windows
Affected products
Known affected
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM TXSeries 8.2
IBM / TXSeries
|
cpe:/a:ibm:txseries:for_multiplatforms_8.2
|
8.2 | |
|
Juniper Junos Space <22.2R1
Juniper / Junos Space
|
<22.2R1 | ||
|
IBM TXSeries 9.1
IBM / TXSeries
|
cpe:/a:ibm:txseries:for_multiplatforms_9.1
|
9.1 | |
|
IBM Rational ClearQuest <9.0.2.8
IBM / Rational ClearQuest
|
<9.0.2.8 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Avaya Aura Session Manager
Avaya
|
cpe:/a:avaya:session_manager:-
|
— | |
|
Avaya Aura Communication Manager
Avaya
|
cpe:/a:avaya:communication_manager:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Avaya Session Border Controller
Avaya
|
cpe:/h:avaya:session_border_controller:-
|
— | |
|
Oracle Java SE 11.0.14
Oracle / Java SE
|
cpe:/a:oracle:java_se:11.0.14
|
11.0.14 | |
|
Oracle Java SE 17.0.2
Oracle / Java SE
|
cpe:/a:oracle:java_se:17.0.2
|
17.0.2 | |
|
EMC NetWorker
EMC
|
cpe:/a:emc:networker:-
|
— | |
|
Amazon Corretto
Amazon / Corretto
|
cpe:/a:amazon:corretto:-
|
— | |
|
Oracle Java SE 21.3.1
Oracle / Java SE
|
cpe:/a:oracle:java_se:21.3.1
|
21.3.1 | |
|
Avaya CMS
Avaya
|
cpe:/a:avaya:call_management_system_server:-
|
— | |
|
Oracle Java SE 22.0.0.2
Oracle / Java SE
|
cpe:/a:oracle:java_se:22.0.0.2
|
22.0.0.2 | |
|
IBM SPSS 8.4
IBM / SPSS
|
cpe:/a:ibm:spss:8.4
|
8.4 | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
IBM Rational Business Developer
IBM
|
cpe:/a:ibm:rational_business_developer:-
|
— | |
|
IBM MQ
IBM
|
cpe:/a:ibm:mq:-
|
— | |
|
IBM Java <8.0.8.0
IBM / Java
|
<8.0.8.0 | ||
|
IBM Java <7.1.5.17
IBM / Java
|
<7.1.5.17 | ||
|
IBM Rational Build Forge <8.0.0.23
IBM / Rational Build Forge
|
<8.0.0.23 | ||
|
Avaya Aura System Manager
Avaya
|
cpe:/a:avaya:aura_system_manager:-
|
— | |
|
Broadcom Brocade SANnav <2.3.1a
Broadcom / Brocade SANnav
|
<2.3.1a | ||
|
Avaya Aura Application Enablement Services
Avaya
|
cpe:/a:avaya:aura_application_enablement_services:-
|
— | |
|
IBM AIX 7.2
IBM / AIX
|
cpe:/o:ibm:aix:7.2
|
7.2 | |
|
IBM VIOS 3.1
IBM / VIOS
|
cpe:/a:ibm:vios:3.1
|
3.1 | |
|
Oracle Java SE Oracle GraalVM Enterprise Edition: 20.3.5
Oracle / Java SE
|
cpe:/a:oracle:java_se:oracle_graalvm_enterprise_edition_20.3.5
|
Oracle GraalVM Enterprise Edition: 20.3.5 | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— | |
|
Avaya Web License Manager
Avaya
|
cpe:/a:avaya:web_license_manager:-
|
— | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Oracle Java SE Oracle Java SE: 7u331
Oracle / Java SE
|
cpe:/a:oracle:java_se:oracle_java_se_7u331
|
Oracle Java SE: 7u331 | |
|
Oracle Java SE 8u321
Oracle / Java SE
|
cpe:/a:oracle:java_se:8u321
|
8u321 | |
|
Oracle Java SE 18; Oracle GraalVM Enterprise Edition: 20.3.5
Oracle / Java SE
|
cpe:/a:oracle:java_se:18_oracle_graalvm_enterprise_edition_20.3.5
|
18; Oracle GraalVM Enterprise Edition: 20.3.5 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Broadcom Brocade SANnav <2.3.0a
Broadcom / Brocade SANnav
|
<2.3.0a | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source OpenJDK
Open Source
|
cpe:/a:oracle:openjdk:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
IBM Tivoli Netcool/OMNIbus <8.1.0.31
IBM / Tivoli Netcool/OMNIbus
|
<8.1.0.31 | ||
|
Amazon Corretto <8.442.06.1
Amazon / Corretto
|
<8.442.06.1 | ||
|
Amazon Corretto <11.0.26.4.1
Amazon / Corretto
|
<11.0.26.4.1 | ||
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
IBM AIX 7.3
IBM / AIX
|
cpe:/o:ibm:aix:7.3
|
7.3 |
Affected products
Known affected
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM TXSeries 8.2
IBM / TXSeries
|
cpe:/a:ibm:txseries:for_multiplatforms_8.2
|
8.2 | |
|
Juniper Junos Space <22.2R1
Juniper / Junos Space
|
<22.2R1 | ||
|
IBM TXSeries 9.1
IBM / TXSeries
|
cpe:/a:ibm:txseries:for_multiplatforms_9.1
|
9.1 | |
|
IBM Rational ClearQuest <9.0.2.8
IBM / Rational ClearQuest
|
<9.0.2.8 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Avaya Aura Session Manager
Avaya
|
cpe:/a:avaya:session_manager:-
|
— | |
|
Avaya Aura Communication Manager
Avaya
|
cpe:/a:avaya:communication_manager:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Avaya Session Border Controller
Avaya
|
cpe:/h:avaya:session_border_controller:-
|
— | |
|
Oracle Java SE 11.0.14
Oracle / Java SE
|
cpe:/a:oracle:java_se:11.0.14
|
11.0.14 | |
|
Oracle Java SE 17.0.2
Oracle / Java SE
|
cpe:/a:oracle:java_se:17.0.2
|
17.0.2 | |
|
EMC NetWorker
EMC
|
cpe:/a:emc:networker:-
|
— | |
|
Amazon Corretto
Amazon / Corretto
|
cpe:/a:amazon:corretto:-
|
— | |
|
Oracle Java SE 21.3.1
Oracle / Java SE
|
cpe:/a:oracle:java_se:21.3.1
|
21.3.1 | |
|
Avaya CMS
Avaya
|
cpe:/a:avaya:call_management_system_server:-
|
— | |
|
Oracle Java SE 22.0.0.2
Oracle / Java SE
|
cpe:/a:oracle:java_se:22.0.0.2
|
22.0.0.2 | |
|
IBM SPSS 8.4
IBM / SPSS
|
cpe:/a:ibm:spss:8.4
|
8.4 | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
IBM Rational Business Developer
IBM
|
cpe:/a:ibm:rational_business_developer:-
|
— | |
|
IBM MQ
IBM
|
cpe:/a:ibm:mq:-
|
— | |
|
IBM Java <8.0.8.0
IBM / Java
|
<8.0.8.0 | ||
|
IBM Java <7.1.5.17
IBM / Java
|
<7.1.5.17 | ||
|
IBM Rational Build Forge <8.0.0.23
IBM / Rational Build Forge
|
<8.0.0.23 | ||
|
Avaya Aura System Manager
Avaya
|
cpe:/a:avaya:aura_system_manager:-
|
— | |
|
Broadcom Brocade SANnav <2.3.1a
Broadcom / Brocade SANnav
|
<2.3.1a | ||
|
Avaya Aura Application Enablement Services
Avaya
|
cpe:/a:avaya:aura_application_enablement_services:-
|
— | |
|
IBM AIX 7.2
IBM / AIX
|
cpe:/o:ibm:aix:7.2
|
7.2 | |
|
IBM VIOS 3.1
IBM / VIOS
|
cpe:/a:ibm:vios:3.1
|
3.1 | |
|
Oracle Java SE Oracle GraalVM Enterprise Edition: 20.3.5
Oracle / Java SE
|
cpe:/a:oracle:java_se:oracle_graalvm_enterprise_edition_20.3.5
|
Oracle GraalVM Enterprise Edition: 20.3.5 | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— | |
|
Avaya Web License Manager
Avaya
|
cpe:/a:avaya:web_license_manager:-
|
— | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Oracle Java SE Oracle Java SE: 7u331
Oracle / Java SE
|
cpe:/a:oracle:java_se:oracle_java_se_7u331
|
Oracle Java SE: 7u331 | |
|
Oracle Java SE 8u321
Oracle / Java SE
|
cpe:/a:oracle:java_se:8u321
|
8u321 | |
|
Oracle Java SE 18; Oracle GraalVM Enterprise Edition: 20.3.5
Oracle / Java SE
|
cpe:/a:oracle:java_se:18_oracle_graalvm_enterprise_edition_20.3.5
|
18; Oracle GraalVM Enterprise Edition: 20.3.5 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Broadcom Brocade SANnav <2.3.0a
Broadcom / Brocade SANnav
|
<2.3.0a | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source OpenJDK
Open Source
|
cpe:/a:oracle:openjdk:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
IBM Tivoli Netcool/OMNIbus <8.1.0.31
IBM / Tivoli Netcool/OMNIbus
|
<8.1.0.31 | ||
|
Amazon Corretto <8.442.06.1
Amazon / Corretto
|
<8.442.06.1 | ||
|
Amazon Corretto <11.0.26.4.1
Amazon / Corretto
|
<11.0.26.4.1 | ||
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
IBM AIX 7.3
IBM / AIX
|
cpe:/o:ibm:aix:7.3
|
7.3 |
Affected products
Known affected
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM TXSeries 8.2
IBM / TXSeries
|
cpe:/a:ibm:txseries:for_multiplatforms_8.2
|
8.2 | |
|
Juniper Junos Space <22.2R1
Juniper / Junos Space
|
<22.2R1 | ||
|
IBM TXSeries 9.1
IBM / TXSeries
|
cpe:/a:ibm:txseries:for_multiplatforms_9.1
|
9.1 | |
|
IBM Rational ClearQuest <9.0.2.8
IBM / Rational ClearQuest
|
<9.0.2.8 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Avaya Aura Session Manager
Avaya
|
cpe:/a:avaya:session_manager:-
|
— | |
|
Avaya Aura Communication Manager
Avaya
|
cpe:/a:avaya:communication_manager:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Avaya Session Border Controller
Avaya
|
cpe:/h:avaya:session_border_controller:-
|
— | |
|
Oracle Java SE 11.0.14
Oracle / Java SE
|
cpe:/a:oracle:java_se:11.0.14
|
11.0.14 | |
|
Oracle Java SE 17.0.2
Oracle / Java SE
|
cpe:/a:oracle:java_se:17.0.2
|
17.0.2 | |
|
EMC NetWorker
EMC
|
cpe:/a:emc:networker:-
|
— | |
|
Amazon Corretto
Amazon / Corretto
|
cpe:/a:amazon:corretto:-
|
— | |
|
Oracle Java SE 21.3.1
Oracle / Java SE
|
cpe:/a:oracle:java_se:21.3.1
|
21.3.1 | |
|
Avaya CMS
Avaya
|
cpe:/a:avaya:call_management_system_server:-
|
— | |
|
Oracle Java SE 22.0.0.2
Oracle / Java SE
|
cpe:/a:oracle:java_se:22.0.0.2
|
22.0.0.2 | |
|
IBM SPSS 8.4
IBM / SPSS
|
cpe:/a:ibm:spss:8.4
|
8.4 | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
IBM Rational Business Developer
IBM
|
cpe:/a:ibm:rational_business_developer:-
|
— | |
|
IBM MQ
IBM
|
cpe:/a:ibm:mq:-
|
— | |
|
IBM Java <8.0.8.0
IBM / Java
|
<8.0.8.0 | ||
|
IBM Java <7.1.5.17
IBM / Java
|
<7.1.5.17 | ||
|
IBM Rational Build Forge <8.0.0.23
IBM / Rational Build Forge
|
<8.0.0.23 | ||
|
Avaya Aura System Manager
Avaya
|
cpe:/a:avaya:aura_system_manager:-
|
— | |
|
Broadcom Brocade SANnav <2.3.1a
Broadcom / Brocade SANnav
|
<2.3.1a | ||
|
Avaya Aura Application Enablement Services
Avaya
|
cpe:/a:avaya:aura_application_enablement_services:-
|
— | |
|
IBM AIX 7.2
IBM / AIX
|
cpe:/o:ibm:aix:7.2
|
7.2 | |
|
IBM VIOS 3.1
IBM / VIOS
|
cpe:/a:ibm:vios:3.1
|
3.1 | |
|
Oracle Java SE Oracle GraalVM Enterprise Edition: 20.3.5
Oracle / Java SE
|
cpe:/a:oracle:java_se:oracle_graalvm_enterprise_edition_20.3.5
|
Oracle GraalVM Enterprise Edition: 20.3.5 | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— | |
|
Avaya Web License Manager
Avaya
|
cpe:/a:avaya:web_license_manager:-
|
— | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Oracle Java SE Oracle Java SE: 7u331
Oracle / Java SE
|
cpe:/a:oracle:java_se:oracle_java_se_7u331
|
Oracle Java SE: 7u331 | |
|
Oracle Java SE 8u321
Oracle / Java SE
|
cpe:/a:oracle:java_se:8u321
|
8u321 | |
|
Oracle Java SE 18; Oracle GraalVM Enterprise Edition: 20.3.5
Oracle / Java SE
|
cpe:/a:oracle:java_se:18_oracle_graalvm_enterprise_edition_20.3.5
|
18; Oracle GraalVM Enterprise Edition: 20.3.5 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Broadcom Brocade SANnav <2.3.0a
Broadcom / Brocade SANnav
|
<2.3.0a | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source OpenJDK
Open Source
|
cpe:/a:oracle:openjdk:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
IBM Tivoli Netcool/OMNIbus <8.1.0.31
IBM / Tivoli Netcool/OMNIbus
|
<8.1.0.31 | ||
|
Amazon Corretto <8.442.06.1
Amazon / Corretto
|
<8.442.06.1 | ||
|
Amazon Corretto <11.0.26.4.1
Amazon / Corretto
|
<11.0.26.4.1 | ||
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
IBM AIX 7.3
IBM / AIX
|
cpe:/o:ibm:aix:7.3
|
7.3 |
Affected products
Known affected
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM TXSeries 8.2
IBM / TXSeries
|
cpe:/a:ibm:txseries:for_multiplatforms_8.2
|
8.2 | |
|
Juniper Junos Space <22.2R1
Juniper / Junos Space
|
<22.2R1 | ||
|
IBM TXSeries 9.1
IBM / TXSeries
|
cpe:/a:ibm:txseries:for_multiplatforms_9.1
|
9.1 | |
|
IBM Rational ClearQuest <9.0.2.8
IBM / Rational ClearQuest
|
<9.0.2.8 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Avaya Aura Session Manager
Avaya
|
cpe:/a:avaya:session_manager:-
|
— | |
|
Avaya Aura Communication Manager
Avaya
|
cpe:/a:avaya:communication_manager:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Avaya Session Border Controller
Avaya
|
cpe:/h:avaya:session_border_controller:-
|
— | |
|
Oracle Java SE 11.0.14
Oracle / Java SE
|
cpe:/a:oracle:java_se:11.0.14
|
11.0.14 | |
|
Oracle Java SE 17.0.2
Oracle / Java SE
|
cpe:/a:oracle:java_se:17.0.2
|
17.0.2 | |
|
EMC NetWorker
EMC
|
cpe:/a:emc:networker:-
|
— | |
|
Amazon Corretto
Amazon / Corretto
|
cpe:/a:amazon:corretto:-
|
— | |
|
Oracle Java SE 21.3.1
Oracle / Java SE
|
cpe:/a:oracle:java_se:21.3.1
|
21.3.1 | |
|
Avaya CMS
Avaya
|
cpe:/a:avaya:call_management_system_server:-
|
— | |
|
Oracle Java SE 22.0.0.2
Oracle / Java SE
|
cpe:/a:oracle:java_se:22.0.0.2
|
22.0.0.2 | |
|
IBM SPSS 8.4
IBM / SPSS
|
cpe:/a:ibm:spss:8.4
|
8.4 | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
IBM Rational Business Developer
IBM
|
cpe:/a:ibm:rational_business_developer:-
|
— | |
|
IBM MQ
IBM
|
cpe:/a:ibm:mq:-
|
— | |
|
IBM Java <8.0.8.0
IBM / Java
|
<8.0.8.0 | ||
|
IBM Java <7.1.5.17
IBM / Java
|
<7.1.5.17 | ||
|
IBM Rational Build Forge <8.0.0.23
IBM / Rational Build Forge
|
<8.0.0.23 | ||
|
Avaya Aura System Manager
Avaya
|
cpe:/a:avaya:aura_system_manager:-
|
— | |
|
Broadcom Brocade SANnav <2.3.1a
Broadcom / Brocade SANnav
|
<2.3.1a | ||
|
Avaya Aura Application Enablement Services
Avaya
|
cpe:/a:avaya:aura_application_enablement_services:-
|
— | |
|
IBM AIX 7.2
IBM / AIX
|
cpe:/o:ibm:aix:7.2
|
7.2 | |
|
IBM VIOS 3.1
IBM / VIOS
|
cpe:/a:ibm:vios:3.1
|
3.1 | |
|
Oracle Java SE Oracle GraalVM Enterprise Edition: 20.3.5
Oracle / Java SE
|
cpe:/a:oracle:java_se:oracle_graalvm_enterprise_edition_20.3.5
|
Oracle GraalVM Enterprise Edition: 20.3.5 | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— | |
|
Avaya Web License Manager
Avaya
|
cpe:/a:avaya:web_license_manager:-
|
— | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Oracle Java SE Oracle Java SE: 7u331
Oracle / Java SE
|
cpe:/a:oracle:java_se:oracle_java_se_7u331
|
Oracle Java SE: 7u331 | |
|
Oracle Java SE 8u321
Oracle / Java SE
|
cpe:/a:oracle:java_se:8u321
|
8u321 | |
|
Oracle Java SE 18; Oracle GraalVM Enterprise Edition: 20.3.5
Oracle / Java SE
|
cpe:/a:oracle:java_se:18_oracle_graalvm_enterprise_edition_20.3.5
|
18; Oracle GraalVM Enterprise Edition: 20.3.5 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Broadcom Brocade SANnav <2.3.0a
Broadcom / Brocade SANnav
|
<2.3.0a | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source OpenJDK
Open Source
|
cpe:/a:oracle:openjdk:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
IBM Tivoli Netcool/OMNIbus <8.1.0.31
IBM / Tivoli Netcool/OMNIbus
|
<8.1.0.31 | ||
|
Amazon Corretto <8.442.06.1
Amazon / Corretto
|
<8.442.06.1 | ||
|
Amazon Corretto <11.0.26.4.1
Amazon / Corretto
|
<11.0.26.4.1 | ||
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
IBM AIX 7.3
IBM / AIX
|
cpe:/o:ibm:aix:7.3
|
7.3 |
Affected products
Known affected
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM TXSeries 8.2
IBM / TXSeries
|
cpe:/a:ibm:txseries:for_multiplatforms_8.2
|
8.2 | |
|
Juniper Junos Space <22.2R1
Juniper / Junos Space
|
<22.2R1 | ||
|
IBM TXSeries 9.1
IBM / TXSeries
|
cpe:/a:ibm:txseries:for_multiplatforms_9.1
|
9.1 | |
|
IBM Rational ClearQuest <9.0.2.8
IBM / Rational ClearQuest
|
<9.0.2.8 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Avaya Aura Session Manager
Avaya
|
cpe:/a:avaya:session_manager:-
|
— | |
|
Avaya Aura Communication Manager
Avaya
|
cpe:/a:avaya:communication_manager:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Avaya Session Border Controller
Avaya
|
cpe:/h:avaya:session_border_controller:-
|
— | |
|
Oracle Java SE 11.0.14
Oracle / Java SE
|
cpe:/a:oracle:java_se:11.0.14
|
11.0.14 | |
|
Oracle Java SE 17.0.2
Oracle / Java SE
|
cpe:/a:oracle:java_se:17.0.2
|
17.0.2 | |
|
EMC NetWorker
EMC
|
cpe:/a:emc:networker:-
|
— | |
|
Amazon Corretto
Amazon / Corretto
|
cpe:/a:amazon:corretto:-
|
— | |
|
Oracle Java SE 21.3.1
Oracle / Java SE
|
cpe:/a:oracle:java_se:21.3.1
|
21.3.1 | |
|
Avaya CMS
Avaya
|
cpe:/a:avaya:call_management_system_server:-
|
— | |
|
Oracle Java SE 22.0.0.2
Oracle / Java SE
|
cpe:/a:oracle:java_se:22.0.0.2
|
22.0.0.2 | |
|
IBM SPSS 8.4
IBM / SPSS
|
cpe:/a:ibm:spss:8.4
|
8.4 | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
IBM Rational Business Developer
IBM
|
cpe:/a:ibm:rational_business_developer:-
|
— | |
|
IBM MQ
IBM
|
cpe:/a:ibm:mq:-
|
— | |
|
IBM Java <8.0.8.0
IBM / Java
|
<8.0.8.0 | ||
|
IBM Java <7.1.5.17
IBM / Java
|
<7.1.5.17 | ||
|
IBM Rational Build Forge <8.0.0.23
IBM / Rational Build Forge
|
<8.0.0.23 | ||
|
Avaya Aura System Manager
Avaya
|
cpe:/a:avaya:aura_system_manager:-
|
— | |
|
Broadcom Brocade SANnav <2.3.1a
Broadcom / Brocade SANnav
|
<2.3.1a | ||
|
Avaya Aura Application Enablement Services
Avaya
|
cpe:/a:avaya:aura_application_enablement_services:-
|
— | |
|
IBM AIX 7.2
IBM / AIX
|
cpe:/o:ibm:aix:7.2
|
7.2 | |
|
IBM VIOS 3.1
IBM / VIOS
|
cpe:/a:ibm:vios:3.1
|
3.1 | |
|
Oracle Java SE Oracle GraalVM Enterprise Edition: 20.3.5
Oracle / Java SE
|
cpe:/a:oracle:java_se:oracle_graalvm_enterprise_edition_20.3.5
|
Oracle GraalVM Enterprise Edition: 20.3.5 | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— | |
|
Avaya Web License Manager
Avaya
|
cpe:/a:avaya:web_license_manager:-
|
— | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Oracle Java SE Oracle Java SE: 7u331
Oracle / Java SE
|
cpe:/a:oracle:java_se:oracle_java_se_7u331
|
Oracle Java SE: 7u331 | |
|
Oracle Java SE 8u321
Oracle / Java SE
|
cpe:/a:oracle:java_se:8u321
|
8u321 | |
|
Oracle Java SE 18; Oracle GraalVM Enterprise Edition: 20.3.5
Oracle / Java SE
|
cpe:/a:oracle:java_se:18_oracle_graalvm_enterprise_edition_20.3.5
|
18; Oracle GraalVM Enterprise Edition: 20.3.5 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Broadcom Brocade SANnav <2.3.0a
Broadcom / Brocade SANnav
|
<2.3.0a | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source OpenJDK
Open Source
|
cpe:/a:oracle:openjdk:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
IBM Tivoli Netcool/OMNIbus <8.1.0.31
IBM / Tivoli Netcool/OMNIbus
|
<8.1.0.31 | ||
|
Amazon Corretto <8.442.06.1
Amazon / Corretto
|
<8.442.06.1 | ||
|
Amazon Corretto <11.0.26.4.1
Amazon / Corretto
|
<11.0.26.4.1 | ||
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
IBM AIX 7.3
IBM / AIX
|
cpe:/o:ibm:aix:7.3
|
7.3 |
Affected products
Known affected
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM TXSeries 8.2
IBM / TXSeries
|
cpe:/a:ibm:txseries:for_multiplatforms_8.2
|
8.2 | |
|
Juniper Junos Space <22.2R1
Juniper / Junos Space
|
<22.2R1 | ||
|
IBM TXSeries 9.1
IBM / TXSeries
|
cpe:/a:ibm:txseries:for_multiplatforms_9.1
|
9.1 | |
|
IBM Rational ClearQuest <9.0.2.8
IBM / Rational ClearQuest
|
<9.0.2.8 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Avaya Aura Session Manager
Avaya
|
cpe:/a:avaya:session_manager:-
|
— | |
|
Avaya Aura Communication Manager
Avaya
|
cpe:/a:avaya:communication_manager:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Avaya Session Border Controller
Avaya
|
cpe:/h:avaya:session_border_controller:-
|
— | |
|
Oracle Java SE 11.0.14
Oracle / Java SE
|
cpe:/a:oracle:java_se:11.0.14
|
11.0.14 | |
|
Oracle Java SE 17.0.2
Oracle / Java SE
|
cpe:/a:oracle:java_se:17.0.2
|
17.0.2 | |
|
EMC NetWorker
EMC
|
cpe:/a:emc:networker:-
|
— | |
|
Amazon Corretto
Amazon / Corretto
|
cpe:/a:amazon:corretto:-
|
— | |
|
Oracle Java SE 21.3.1
Oracle / Java SE
|
cpe:/a:oracle:java_se:21.3.1
|
21.3.1 | |
|
Avaya CMS
Avaya
|
cpe:/a:avaya:call_management_system_server:-
|
— | |
|
Oracle Java SE 22.0.0.2
Oracle / Java SE
|
cpe:/a:oracle:java_se:22.0.0.2
|
22.0.0.2 | |
|
IBM SPSS 8.4
IBM / SPSS
|
cpe:/a:ibm:spss:8.4
|
8.4 | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
IBM Rational Business Developer
IBM
|
cpe:/a:ibm:rational_business_developer:-
|
— | |
|
IBM MQ
IBM
|
cpe:/a:ibm:mq:-
|
— | |
|
IBM Java <8.0.8.0
IBM / Java
|
<8.0.8.0 | ||
|
IBM Java <7.1.5.17
IBM / Java
|
<7.1.5.17 | ||
|
IBM Rational Build Forge <8.0.0.23
IBM / Rational Build Forge
|
<8.0.0.23 | ||
|
Avaya Aura System Manager
Avaya
|
cpe:/a:avaya:aura_system_manager:-
|
— | |
|
Broadcom Brocade SANnav <2.3.1a
Broadcom / Brocade SANnav
|
<2.3.1a | ||
|
Avaya Aura Application Enablement Services
Avaya
|
cpe:/a:avaya:aura_application_enablement_services:-
|
— | |
|
IBM AIX 7.2
IBM / AIX
|
cpe:/o:ibm:aix:7.2
|
7.2 | |
|
IBM VIOS 3.1
IBM / VIOS
|
cpe:/a:ibm:vios:3.1
|
3.1 | |
|
Oracle Java SE Oracle GraalVM Enterprise Edition: 20.3.5
Oracle / Java SE
|
cpe:/a:oracle:java_se:oracle_graalvm_enterprise_edition_20.3.5
|
Oracle GraalVM Enterprise Edition: 20.3.5 | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— | |
|
Avaya Web License Manager
Avaya
|
cpe:/a:avaya:web_license_manager:-
|
— | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Oracle Java SE Oracle Java SE: 7u331
Oracle / Java SE
|
cpe:/a:oracle:java_se:oracle_java_se_7u331
|
Oracle Java SE: 7u331 | |
|
Oracle Java SE 8u321
Oracle / Java SE
|
cpe:/a:oracle:java_se:8u321
|
8u321 | |
|
Oracle Java SE 18; Oracle GraalVM Enterprise Edition: 20.3.5
Oracle / Java SE
|
cpe:/a:oracle:java_se:18_oracle_graalvm_enterprise_edition_20.3.5
|
18; Oracle GraalVM Enterprise Edition: 20.3.5 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Broadcom Brocade SANnav <2.3.0a
Broadcom / Brocade SANnav
|
<2.3.0a | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source OpenJDK
Open Source
|
cpe:/a:oracle:openjdk:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
IBM Tivoli Netcool/OMNIbus <8.1.0.31
IBM / Tivoli Netcool/OMNIbus
|
<8.1.0.31 | ||
|
Amazon Corretto <8.442.06.1
Amazon / Corretto
|
<8.442.06.1 | ||
|
Amazon Corretto <11.0.26.4.1
Amazon / Corretto
|
<11.0.26.4.1 | ||
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
IBM AIX 7.3
IBM / AIX
|
cpe:/o:ibm:aix:7.3
|
7.3 |
Affected products
Known affected
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM TXSeries 8.2
IBM / TXSeries
|
cpe:/a:ibm:txseries:for_multiplatforms_8.2
|
8.2 | |
|
Juniper Junos Space <22.2R1
Juniper / Junos Space
|
<22.2R1 | ||
|
IBM TXSeries 9.1
IBM / TXSeries
|
cpe:/a:ibm:txseries:for_multiplatforms_9.1
|
9.1 | |
|
IBM Rational ClearQuest <9.0.2.8
IBM / Rational ClearQuest
|
<9.0.2.8 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Avaya Aura Session Manager
Avaya
|
cpe:/a:avaya:session_manager:-
|
— | |
|
Avaya Aura Communication Manager
Avaya
|
cpe:/a:avaya:communication_manager:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Avaya Session Border Controller
Avaya
|
cpe:/h:avaya:session_border_controller:-
|
— | |
|
Oracle Java SE 11.0.14
Oracle / Java SE
|
cpe:/a:oracle:java_se:11.0.14
|
11.0.14 | |
|
Oracle Java SE 17.0.2
Oracle / Java SE
|
cpe:/a:oracle:java_se:17.0.2
|
17.0.2 | |
|
EMC NetWorker
EMC
|
cpe:/a:emc:networker:-
|
— | |
|
Amazon Corretto
Amazon / Corretto
|
cpe:/a:amazon:corretto:-
|
— | |
|
Oracle Java SE 21.3.1
Oracle / Java SE
|
cpe:/a:oracle:java_se:21.3.1
|
21.3.1 | |
|
Avaya CMS
Avaya
|
cpe:/a:avaya:call_management_system_server:-
|
— | |
|
Oracle Java SE 22.0.0.2
Oracle / Java SE
|
cpe:/a:oracle:java_se:22.0.0.2
|
22.0.0.2 | |
|
IBM SPSS 8.4
IBM / SPSS
|
cpe:/a:ibm:spss:8.4
|
8.4 | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
IBM Rational Business Developer
IBM
|
cpe:/a:ibm:rational_business_developer:-
|
— | |
|
IBM MQ
IBM
|
cpe:/a:ibm:mq:-
|
— | |
|
IBM Java <8.0.8.0
IBM / Java
|
<8.0.8.0 | ||
|
IBM Java <7.1.5.17
IBM / Java
|
<7.1.5.17 | ||
|
IBM Rational Build Forge <8.0.0.23
IBM / Rational Build Forge
|
<8.0.0.23 | ||
|
Avaya Aura System Manager
Avaya
|
cpe:/a:avaya:aura_system_manager:-
|
— | |
|
Broadcom Brocade SANnav <2.3.1a
Broadcom / Brocade SANnav
|
<2.3.1a | ||
|
Avaya Aura Application Enablement Services
Avaya
|
cpe:/a:avaya:aura_application_enablement_services:-
|
— | |
|
IBM AIX 7.2
IBM / AIX
|
cpe:/o:ibm:aix:7.2
|
7.2 | |
|
IBM VIOS 3.1
IBM / VIOS
|
cpe:/a:ibm:vios:3.1
|
3.1 | |
|
Oracle Java SE Oracle GraalVM Enterprise Edition: 20.3.5
Oracle / Java SE
|
cpe:/a:oracle:java_se:oracle_graalvm_enterprise_edition_20.3.5
|
Oracle GraalVM Enterprise Edition: 20.3.5 | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— | |
|
Avaya Web License Manager
Avaya
|
cpe:/a:avaya:web_license_manager:-
|
— | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Oracle Java SE Oracle Java SE: 7u331
Oracle / Java SE
|
cpe:/a:oracle:java_se:oracle_java_se_7u331
|
Oracle Java SE: 7u331 | |
|
Oracle Java SE 8u321
Oracle / Java SE
|
cpe:/a:oracle:java_se:8u321
|
8u321 | |
|
Oracle Java SE 18; Oracle GraalVM Enterprise Edition: 20.3.5
Oracle / Java SE
|
cpe:/a:oracle:java_se:18_oracle_graalvm_enterprise_edition_20.3.5
|
18; Oracle GraalVM Enterprise Edition: 20.3.5 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Broadcom Brocade SANnav <2.3.0a
Broadcom / Brocade SANnav
|
<2.3.0a | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source OpenJDK
Open Source
|
cpe:/a:oracle:openjdk:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
IBM Tivoli Netcool/OMNIbus <8.1.0.31
IBM / Tivoli Netcool/OMNIbus
|
<8.1.0.31 | ||
|
Amazon Corretto <8.442.06.1
Amazon / Corretto
|
<8.442.06.1 | ||
|
Amazon Corretto <11.0.26.4.1
Amazon / Corretto
|
<11.0.26.4.1 | ||
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
IBM AIX 7.3
IBM / AIX
|
cpe:/o:ibm:aix:7.3
|
7.3 |
References
92 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Die Java Platform, Standard Edition (SE) ist eine Sammlung von Java-APIs (JDK) und der Java Laufzeit Umgebung (JRE).",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Java SE und OpenJDK ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Appliance\n- Linux\n- NetApp Appliance\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-0200 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0200.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-0200 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0200"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update April 2022 - Appendix Oracle Java SE vom 2022-04-19",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html#AppendixJAVA"
},
{
"category": "external",
"summary": "OpenJDK Vulnerability Advisory",
"url": "https://openjdk.java.net/groups/vulnerability/advisories/2022-04-19"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-1440 vom 2022-04-20",
"url": "http://linux.oracle.com/errata/ELSA-2022-1440.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:1444 vom 2022-04-20",
"url": "https://access.redhat.com/errata/RHSA-2022:1444"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:1443 vom 2022-04-21",
"url": "https://access.redhat.com/errata/RHSA-2022:1443"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:1442 vom 2022-04-20",
"url": "https://access.redhat.com/errata/RHSA-2022:1442"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:1441 vom 2022-04-20",
"url": "https://access.redhat.com/errata/RHSA-2022:1441"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:1440 vom 2022-04-20",
"url": "https://access.redhat.com/errata/RHSA-2022:1440"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:1445 vom 2022-04-20",
"url": "https://access.redhat.com/errata/RHSA-2022:1445"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-1442 vom 2022-04-20",
"url": "http://linux.oracle.com/errata/ELSA-2022-1442.html"
},
{
"category": "external",
"summary": "CVE-2022-21449 PoC vom 2022-04-21",
"url": "https://github.com/khalednassar/CVE-2022-21449-TLS-PoC"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-1445 vom 2022-04-21",
"url": "https://linux.oracle.com/errata/ELSA-2022-1445.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:1490 vom 2022-04-25",
"url": "https://access.redhat.com/errata/RHSA-2022:1490"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-1491 vom 2022-04-26",
"url": "http://linux.oracle.com/errata/ELSA-2022-1491.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-1487 vom 2022-04-26",
"url": "http://linux.oracle.com/errata/ELSA-2022-1487.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:1491 vom 2022-04-25",
"url": "https://access.redhat.com/errata/RHSA-2022:1491"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:1489 vom 2022-04-25",
"url": "https://access.redhat.com/errata/RHSA-2022:1489"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:1487 vom 2022-04-25",
"url": "https://access.redhat.com/errata/RHSA-2022:1487"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:1488 vom 2022-04-25",
"url": "https://access.redhat.com/errata/RHSA-2022:1488"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5388-1 vom 2022-04-26",
"url": "https://ubuntu.com/security/notices/USN-5388-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5388-2 vom 2022-04-26",
"url": "https://ubuntu.com/security/notices/USN-5388-2"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2022-1791 vom 2022-04-27",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1791.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2022-1790 vom 2022-04-27",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1790.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2022-1778 vom 2022-04-27",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1778.html"
},
{
"category": "external",
"summary": "AVAYA Security Advisory ASA-2022-038 vom 2022-04-26",
"url": "https://downloads.avaya.com/css/P8/documents/101081600"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:1439 vom 2022-04-29",
"url": "https://access.redhat.com/errata/RHSA-2022:1439"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:1492 vom 2022-04-29",
"url": "https://access.redhat.com/errata/RHSA-2022:1492"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2CORRETTO8-2022-002 vom 2022-04-28",
"url": "https://alas.aws.amazon.com/AL2/ALASCORRETTO8-2022-002.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:1435 vom 2022-04-29",
"url": "https://access.redhat.com/errata/RHSA-2022:1435"
},
{
"category": "external",
"summary": "AVAYA Security Advisory ASA-2022-039 vom 2022-04-27",
"url": "https://downloads.avaya.com/css/P8/documents/101081609"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:1436 vom 2022-04-29",
"url": "https://access.redhat.com/errata/RHSA-2022:1436"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:1437 vom 2022-04-29",
"url": "https://access.redhat.com/errata/RHSA-2022:1437"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:1438 vom 2022-04-29",
"url": "https://access.redhat.com/errata/RHSA-2022:1438"
},
{
"category": "external",
"summary": "NetApp Security Advisory NTAP-20220429-0006 vom 2022-04-29",
"url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:1474-1 vom 2022-04-29",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-April/010900.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:1520 vom 2022-05-02",
"url": "https://access.redhat.com/errata/RHSA-2022:1520"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:1519 vom 2022-05-02",
"url": "https://access.redhat.com/errata/RHSA-2022:1519"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:1513-1 vom 2022-05-03",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-May/010919.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5128 vom 2022-05-03",
"url": "https://lists.debian.org/debian-security-announce/2022/msg00096.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:1622 vom 2022-05-04",
"url": "https://access.redhat.com/errata/RHSA-2022:1622"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5131 vom 2022-05-05",
"url": "https://lists.debian.org/debian-security-announce/2022/msg00099.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:1679 vom 2022-05-10",
"url": "https://access.redhat.com/errata/RHSA-2022:1679"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:2218 vom 2022-05-12",
"url": "https://access.redhat.com/errata/RHSA-2022:2218"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:2217 vom 2022-05-12",
"url": "https://access.redhat.com/errata/RHSA-2022:2217"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:2216 vom 2022-05-12",
"url": "https://access.redhat.com/errata/RHSA-2022:2216"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:1699 vom 2022-05-13",
"url": "https://access.redhat.com/errata/RHSA-2022:1699"
},
{
"category": "external",
"summary": "CentOS Security Advisory CESA-2022:1487 vom 2022-05-13",
"url": "https://lists.centos.org/pipermail/centos-announce/2022-May/073583.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3006 vom 2022-05-14",
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html"
},
{
"category": "external",
"summary": "CentOS Security Advisory CESA-2022:1440 vom 2022-05-13",
"url": "https://lists.centos.org/pipermail/centos-announce/2022-May/073586.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:1728 vom 2022-05-20",
"url": "https://access.redhat.com/errata/RHSA-2022:1728"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:2137 vom 2022-05-20",
"url": "https://access.redhat.com/errata/RHSA-2022:2137"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:1729 vom 2022-05-20",
"url": "https://access.redhat.com/errata/RHSA-2022:1729"
},
{
"category": "external",
"summary": "Release Notes f\u00fcr Security Event Manager",
"url": "https://documentation.solarwinds.com/en/success_center/sem/content/release_notes/sem_2022-2-1_release_notes.htm"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:2272 vom 2022-05-26",
"url": "https://access.redhat.com/errata/RHSA-2022:2272"
},
{
"category": "external",
"summary": "Hitachi Vulnerability Information HITACHI-SEC-2022-113 vom 2022-05-27",
"url": "https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2022-113/index.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:4957 vom 2022-06-09",
"url": "https://access.redhat.com/errata/RHSA-2022:4957"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:4959 vom 2022-06-09",
"url": "https://access.redhat.com/errata/RHSA-2022:4959"
},
{
"category": "external",
"summary": "AVAYA Security Advisory ASA-2022-038 vom 2022-06-08",
"url": "https://download.avaya.com/css/public/documents/101082271"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-1728 vom 2022-07-01",
"url": "http://linux.oracle.com/errata/ELSA-2022-1728.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-2137 vom 2022-07-01",
"url": "http://linux.oracle.com/errata/ELSA-2022-2137.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-1729 vom 2022-07-01",
"url": "http://linux.oracle.com/errata/ELSA-2022-1729.html"
},
{
"category": "external",
"summary": "EMC Security Advisory DSA-2022-189 vom 2022-07-14",
"url": "https://www.dell.com/support/kbdoc/de-de/000201463/dsa-2022-189-dell-emc-networker-runtime-environment-nre-security-update-for-java-se-embedded-vulnerabilities"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:2540-1 vom 2022-07-23",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-July/011646.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:2530-1 vom 2022-07-22",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-July/011636.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:2531-1 vom 2022-07-22",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-July/011635.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:2539-1 vom 2022-07-23",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-July/011645.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:2650-1 vom 2022-08-03",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-August/011760.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:5837 vom 2022-08-03",
"url": "https://access.redhat.com/errata/RHSA-2022:5837"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5546-2 vom 2022-08-04",
"url": "https://ubuntu.com/security/notices/USN-5546-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5546-1 vom 2022-08-04",
"url": "https://ubuntu.com/security/notices/USN-5546-1"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2022-1631 vom 2022-08-23",
"url": "https://alas.aws.amazon.com/ALAS-2022-1631.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:3092-1 vom 2022-09-06",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-September/012103.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2022-1633 vom 2022-09-12",
"url": "https://alas.aws.amazon.com/ALAS-2022-1633.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2JAVA-OPENJDK11-2022-002 vom 2022-09-15",
"url": "https://alas.aws.amazon.com/AL2/ALASJAVA-OPENJDK11-2022-002.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2022-1835 vom 2022-09-15",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1835.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6824717 vom 2022-09-29",
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-semeru-runtime-affect-spss-collaboration-and-deployment-services-cve-2022-21496-cve-2022-21426/"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6824713 vom 2022-09-29",
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-affects-spss-collaboration-and-deployment-services-cve-2022-21496/"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6824763 vom 2022-09-29",
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-txseries-for-multiplatforms-is-vulnerable-to-several-no-confidentiality-exposures-due-to-ibm-sdk-java-technology-edition/"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6825125 vom 2022-10-01",
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-affected-by-multiple-vulnerabilities-in-ibm-runtime-environment-java-technology-edition-version-8/"
},
{
"category": "external",
"summary": "Juniper Security Bulletin",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-22-2R1-release"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6967221 vom 2023-03-30",
"url": "https://www.ibm.com/support/pages/node/6967221"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6995887 vom 2023-05-19",
"url": "https://aix.software.ibm.com/aix/efixes/security/java_may2023_advisory.asc"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7006407 vom 2023-06-23",
"url": "https://www.ibm.com/support/pages/node/7006407"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7041681 vom 2023-10-04",
"url": "https://www.ibm.com/support/pages/node/7041681"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7056031 vom 2023-10-19",
"url": "https://www.ibm.com/support/pages/node/7056031"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7058364 vom 2023-10-24",
"url": "https://www.ibm.com/support/pages/node/7058364"
},
{
"category": "external",
"summary": "### vom 2024-10-15",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24999"
},
{
"category": "external",
"summary": "Change Log for Amazon Corretto 8 vom 2025-01-21",
"url": "https://github.com/corretto/corretto-8/blob/14eb6b297ac476ca5734706b40903e5a69ecd74a/CHANGELOG.md"
},
{
"category": "external",
"summary": "Change Log for Amazon Corretto 11 vom 2025-01-21",
"url": "https://github.com/corretto/corretto-11/blob/ece67a968d57210c69d3b9153576613846c1cacf/CHANGELOG.md"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:0066-1 vom 2025-02-18",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/GS63GCBRVH7N4JEIZNQAPVFNNVB2OGSU/"
}
],
"source_lang": "en-US",
"title": "Oracle Java SE und OpenJDK: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-02-18T23:00:00.000+00:00",
"generator": {
"date": "2025-02-19T09:25:37.612+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2022-0200",
"initial_release_date": "2022-04-19T22:00:00.000+00:00",
"revision_history": [
{
"date": "2022-04-19T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2022-04-20T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Oracle Linux und Red Hat aufgenommen"
},
{
"date": "2022-04-21T22:00:00.000+00:00",
"number": "3",
"summary": "PoC f\u00fcr CVE-2022-21449 aufgenommen"
},
{
"date": "2022-04-24T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2022-04-25T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
},
{
"date": "2022-04-26T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2022-04-27T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Amazon und AVAYA aufgenommen"
},
{
"date": "2022-04-28T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat, Amazon und AVAYA aufgenommen"
},
{
"date": "2022-05-01T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von NetApp, Red Hat und SUSE aufgenommen"
},
{
"date": "2022-05-02T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-05-03T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von SUSE und Debian aufgenommen"
},
{
"date": "2022-05-04T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-05-05T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2022-05-10T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-05-11T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-05-12T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-05-15T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von CentOS und Debian aufgenommen"
},
{
"date": "2022-05-19T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-05-22T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2022-05-26T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Red Hat und HITACHI aufgenommen"
},
{
"date": "2022-05-31T22:00:00.000+00:00",
"number": "21",
"summary": "Anpassung"
},
{
"date": "2022-06-08T22:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-06-19T22:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von AVAYA aufgenommen"
},
{
"date": "2022-07-03T22:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2022-07-13T22:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von EMC aufgenommen"
},
{
"date": "2022-07-24T22:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2022-08-03T22:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von SUSE und Red Hat aufgenommen"
},
{
"date": "2022-08-04T22:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2022-08-23T22:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2022-09-06T22:00:00.000+00:00",
"number": "30",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2022-09-12T22:00:00.000+00:00",
"number": "31",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2022-09-14T22:00:00.000+00:00",
"number": "32",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2022-09-28T22:00:00.000+00:00",
"number": "33",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2022-10-03T22:00:00.000+00:00",
"number": "34",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2022-10-12T22:00:00.000+00:00",
"number": "35",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2023-03-30T22:00:00.000+00:00",
"number": "36",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-05-21T22:00:00.000+00:00",
"number": "37",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-06-22T22:00:00.000+00:00",
"number": "38",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-10-03T22:00:00.000+00:00",
"number": "39",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-10-19T22:00:00.000+00:00",
"number": "40",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-10-24T22:00:00.000+00:00",
"number": "41",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-10-14T22:00:00.000+00:00",
"number": "42",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2025-01-21T23:00:00.000+00:00",
"number": "43",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2025-02-18T23:00:00.000+00:00",
"number": "44",
"summary": "Neue Updates von openSUSE aufgenommen"
}
],
"status": "final",
"version": "44"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Corretto",
"product": {
"name": "Amazon Corretto",
"product_id": "T023017",
"product_identification_helper": {
"cpe": "cpe:/a:amazon:corretto:-"
}
}
},
{
"category": "product_version_range",
"name": "\u003c11.0.26.4.1",
"product": {
"name": "Amazon Corretto \u003c11.0.26.4.1",
"product_id": "T040500"
}
},
{
"category": "product_version",
"name": "11.0.26.4.1",
"product": {
"name": "Amazon Corretto 11.0.26.4.1",
"product_id": "T040500-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:amazon:corretto:11.0.26.4.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.442.06.1",
"product": {
"name": "Amazon Corretto \u003c8.442.06.1",
"product_id": "T040501"
}
},
{
"category": "product_version",
"name": "8.442.06.1",
"product": {
"name": "Amazon Corretto 8.442.06.1",
"product_id": "T040501-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:amazon:corretto:8.442.06.1"
}
}
}
],
"category": "product_name",
"name": "Corretto"
},
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Avaya Aura Application Enablement Services",
"product": {
"name": "Avaya Aura Application Enablement Services",
"product_id": "T015516",
"product_identification_helper": {
"cpe": "cpe:/a:avaya:aura_application_enablement_services:-"
}
}
},
{
"category": "product_name",
"name": "Avaya Aura Communication Manager",
"product": {
"name": "Avaya Aura Communication Manager",
"product_id": "T015126",
"product_identification_helper": {
"cpe": "cpe:/a:avaya:communication_manager:-"
}
}
},
{
"category": "product_name",
"name": "Avaya Aura Session Manager",
"product": {
"name": "Avaya Aura Session Manager",
"product_id": "T015127",
"product_identification_helper": {
"cpe": "cpe:/a:avaya:session_manager:-"
}
}
},
{
"category": "product_name",
"name": "Avaya Aura System Manager",
"product": {
"name": "Avaya Aura System Manager",
"product_id": "T015518",
"product_identification_helper": {
"cpe": "cpe:/a:avaya:aura_system_manager:-"
}
}
},
{
"category": "product_name",
"name": "Avaya CMS",
"product": {
"name": "Avaya CMS",
"product_id": "997",
"product_identification_helper": {
"cpe": "cpe:/a:avaya:call_management_system_server:-"
}
}
},
{
"category": "product_name",
"name": "Avaya Session Border Controller",
"product": {
"name": "Avaya Session Border Controller",
"product_id": "T015520",
"product_identification_helper": {
"cpe": "cpe:/h:avaya:session_border_controller:-"
}
}
},
{
"category": "product_name",
"name": "Avaya Web License Manager",
"product": {
"name": "Avaya Web License Manager",
"product_id": "T016243",
"product_identification_helper": {
"cpe": "cpe:/a:avaya:web_license_manager:-"
}
}
}
],
"category": "vendor",
"name": "Avaya"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2.3.0a",
"product": {
"name": "Broadcom Brocade SANnav \u003c2.3.0a",
"product_id": "T034391"
}
},
{
"category": "product_version",
"name": "2.3.0a",
"product": {
"name": "Broadcom Brocade SANnav 2.3.0a",
"product_id": "T034391-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:broadcom:brocade_sannav:2.3.0a"
}
}
},
{
"category": "product_version_range",
"name": "\u003c2.3.1a",
"product": {
"name": "Broadcom Brocade SANnav \u003c2.3.1a",
"product_id": "T038317"
}
},
{
"category": "product_version",
"name": "2.3.1a",
"product": {
"name": "Broadcom Brocade SANnav 2.3.1a",
"product_id": "T038317-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:broadcom:brocade_sannav:2.3.1a"
}
}
}
],
"category": "product_name",
"name": "Brocade SANnav"
}
],
"category": "vendor",
"name": "Broadcom"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "EMC NetWorker",
"product": {
"name": "EMC NetWorker",
"product_id": "3479",
"product_identification_helper": {
"cpe": "cpe:/a:emc:networker:-"
}
}
}
],
"category": "vendor",
"name": "EMC"
},
{
"branches": [
{
"category": "product_name",
"name": "Hitachi Ops Center",
"product": {
"name": "Hitachi Ops Center",
"product_id": "T017562",
"product_identification_helper": {
"cpe": "cpe:/a:hitachi:ops_center:-"
}
}
}
],
"category": "vendor",
"name": "Hitachi"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "7.2",
"product": {
"name": "IBM AIX 7.2",
"product_id": "434967",
"product_identification_helper": {
"cpe": "cpe:/o:ibm:aix:7.2"
}
}
},
{
"category": "product_version",
"name": "7.3",
"product": {
"name": "IBM AIX 7.3",
"product_id": "T021486",
"product_identification_helper": {
"cpe": "cpe:/o:ibm:aix:7.3"
}
}
}
],
"category": "product_name",
"name": "AIX"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.1.5.17",
"product": {
"name": "IBM Java \u003c7.1.5.17",
"product_id": "T027013"
}
},
{
"category": "product_version",
"name": "7.1.5.17",
"product": {
"name": "IBM Java 7.1.5.17",
"product_id": "T027013-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:jre:7.1.5.17"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.0.8.0",
"product": {
"name": "IBM Java \u003c8.0.8.0",
"product_id": "T027014"
}
},
{
"category": "product_version",
"name": "8.0.8.0",
"product": {
"name": "IBM Java 8.0.8.0",
"product_id": "T027014-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:jre:8.0.8.0"
}
}
}
],
"category": "product_name",
"name": "Java"
},
{
"category": "product_name",
"name": "IBM MQ",
"product": {
"name": "IBM MQ",
"product_id": "T021398",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:mq:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c8.0.0.23",
"product": {
"name": "IBM Rational Build Forge \u003c8.0.0.23",
"product_id": "T024052"
}
},
{
"category": "product_version",
"name": "8.0.0.23",
"product": {
"name": "IBM Rational Build Forge 8.0.0.23",
"product_id": "T024052-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:rational_build_forge:8.0.0.23"
}
}
}
],
"category": "product_name",
"name": "Rational Build Forge"
},
{
"category": "product_name",
"name": "IBM Rational Business Developer",
"product": {
"name": "IBM Rational Business Developer",
"product_id": "T025611",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:rational_business_developer:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9.0.2.8",
"product": {
"name": "IBM Rational ClearQuest \u003c9.0.2.8",
"product_id": "T030204"
}
},
{
"category": "product_version",
"name": "9.0.2.8",
"product": {
"name": "IBM Rational ClearQuest 9.0.2.8",
"product_id": "T030204-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:rational_clearquest:9.0.2.8"
}
}
}
],
"category": "product_name",
"name": "Rational ClearQuest"
},
{
"branches": [
{
"category": "product_version",
"name": "8.4",
"product": {
"name": "IBM SPSS 8.4",
"product_id": "T024740",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:spss:8.4"
}
}
}
],
"category": "product_name",
"name": "SPSS"
},
{
"branches": [
{
"category": "product_version",
"name": "9.1",
"product": {
"name": "IBM TXSeries 9.1",
"product_id": "T015903",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:txseries:for_multiplatforms_9.1"
}
}
},
{
"category": "product_version",
"name": "8.2",
"product": {
"name": "IBM TXSeries 8.2",
"product_id": "T015904",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:txseries:for_multiplatforms_8.2"
}
}
}
],
"category": "product_name",
"name": "TXSeries"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c8.1.0.31",
"product": {
"name": "IBM Tivoli Netcool/OMNIbus \u003c8.1.0.31",
"product_id": "T030747"
}
},
{
"category": "product_version",
"name": "8.1.0.31",
"product": {
"name": "IBM Tivoli Netcool/OMNIbus 8.1.0.31",
"product_id": "T030747-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_netcool%2fomnibus:8.1.0.31"
}
}
}
],
"category": "product_name",
"name": "Tivoli Netcool/OMNIbus"
},
{
"branches": [
{
"category": "product_version",
"name": "3.1",
"product": {
"name": "IBM VIOS 3.1",
"product_id": "1039165",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:vios:3.1"
}
}
}
],
"category": "product_name",
"name": "VIOS"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c22.2R1",
"product": {
"name": "Juniper Junos Space \u003c22.2R1",
"product_id": "T003343"
}
},
{
"category": "product_version",
"name": "22.2R1",
"product": {
"name": "Juniper Junos Space 22.2R1",
"product_id": "T003343-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:juniper:junos_space:-"
}
}
}
],
"category": "product_name",
"name": "Junos Space"
}
],
"category": "vendor",
"name": "Juniper"
},
{
"branches": [
{
"category": "product_name",
"name": "NetApp ActiveIQ Unified Manager",
"product": {
"name": "NetApp ActiveIQ Unified Manager",
"product_id": "T016960",
"product_identification_helper": {
"cpe": "cpe:/a:netapp:active_iq_unified_manager:-"
}
}
}
],
"category": "vendor",
"name": "NetApp"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source CentOS",
"product": {
"name": "Open Source CentOS",
"product_id": "1727",
"product_identification_helper": {
"cpe": "cpe:/o:centos:centos:-"
}
}
},
{
"category": "product_name",
"name": "Open Source OpenJDK",
"product": {
"name": "Open Source OpenJDK",
"product_id": "580789",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:openjdk:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "21.3.1",
"product": {
"name": "Oracle Java SE 21.3.1",
"product_id": "T022864",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:java_se:21.3.1"
}
}
},
{
"category": "product_version",
"name": "22.0.0.2",
"product": {
"name": "Oracle Java SE 22.0.0.2",
"product_id": "T022865",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:java_se:22.0.0.2"
}
}
},
{
"category": "product_version",
"name": "11.0.14",
"product": {
"name": "Oracle Java SE 11.0.14",
"product_id": "T022866",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:java_se:11.0.14"
}
}
},
{
"category": "product_version",
"name": "17.0.2",
"product": {
"name": "Oracle Java SE 17.0.2",
"product_id": "T022867",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:java_se:17.0.2"
}
}
},
{
"category": "product_version",
"name": "Oracle GraalVM Enterprise Edition: 20.3.5",
"product": {
"name": "Oracle Java SE Oracle GraalVM Enterprise Edition: 20.3.5",
"product_id": "T022909",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:java_se:oracle_graalvm_enterprise_edition_20.3.5"
}
}
},
{
"category": "product_version",
"name": "Oracle Java SE: 7u331",
"product": {
"name": "Oracle Java SE Oracle Java SE: 7u331",
"product_id": "T022910",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:java_se:oracle_java_se_7u331"
}
}
},
{
"category": "product_version",
"name": "8u321",
"product": {
"name": "Oracle Java SE 8u321",
"product_id": "T022911",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:java_se:8u321"
}
}
},
{
"category": "product_version",
"name": "18; Oracle GraalVM Enterprise Edition: 20.3.5",
"product": {
"name": "Oracle Java SE 18; Oracle GraalVM Enterprise Edition: 20.3.5",
"product_id": "T022912",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:java_se:18_oracle_graalvm_enterprise_edition_20.3.5"
}
}
}
],
"category": "product_name",
"name": "Java SE"
},
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-0778",
"product_status": {
"known_affected": [
"T015904",
"T003343",
"T015903",
"T030204",
"67646",
"T015127",
"T015126",
"T004914",
"T015520",
"T022866",
"T022867",
"3479",
"T023017",
"T022864",
"997",
"T022865",
"T024740",
"398363",
"T025611",
"T021398",
"T027014",
"T027013",
"T024052",
"T015518",
"T038317",
"T015516",
"434967",
"1039165",
"T022909",
"T016960",
"T016243",
"T017562",
"T022910",
"T022911",
"T022912",
"2951",
"T002207",
"T034391",
"T000126",
"580789",
"T027843",
"T030747",
"T040501",
"T040500",
"1727",
"T021486"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-0778"
},
{
"cve": "CVE-2022-21426",
"product_status": {
"known_affected": [
"T015904",
"T003343",
"T015903",
"T030204",
"67646",
"T015127",
"T015126",
"T004914",
"T015520",
"T022866",
"T022867",
"3479",
"T023017",
"T022864",
"997",
"T022865",
"T024740",
"398363",
"T025611",
"T021398",
"T027014",
"T027013",
"T024052",
"T015518",
"T038317",
"T015516",
"434967",
"1039165",
"T022909",
"T016960",
"T016243",
"T017562",
"T022910",
"T022911",
"T022912",
"2951",
"T002207",
"T034391",
"T000126",
"580789",
"T027843",
"T030747",
"T040501",
"T040500",
"1727",
"T021486"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21426"
},
{
"cve": "CVE-2022-21434",
"product_status": {
"known_affected": [
"T015904",
"T003343",
"T015903",
"T030204",
"67646",
"T015127",
"T015126",
"T004914",
"T015520",
"T022866",
"T022867",
"3479",
"T023017",
"T022864",
"997",
"T022865",
"T024740",
"398363",
"T025611",
"T021398",
"T027014",
"T027013",
"T024052",
"T015518",
"T038317",
"T015516",
"434967",
"1039165",
"T022909",
"T016960",
"T016243",
"T017562",
"T022910",
"T022911",
"T022912",
"2951",
"T002207",
"T034391",
"T000126",
"580789",
"T027843",
"T030747",
"T040501",
"T040500",
"1727",
"T021486"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21434"
},
{
"cve": "CVE-2022-21443",
"product_status": {
"known_affected": [
"T015904",
"T003343",
"T015903",
"T030204",
"67646",
"T015127",
"T015126",
"T004914",
"T015520",
"T022866",
"T022867",
"3479",
"T023017",
"T022864",
"997",
"T022865",
"T024740",
"398363",
"T025611",
"T021398",
"T027014",
"T027013",
"T024052",
"T015518",
"T038317",
"T015516",
"434967",
"1039165",
"T022909",
"T016960",
"T016243",
"T017562",
"T022910",
"T022911",
"T022912",
"2951",
"T002207",
"T034391",
"T000126",
"580789",
"T027843",
"T030747",
"T040501",
"T040500",
"1727",
"T021486"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21443"
},
{
"cve": "CVE-2022-21449",
"product_status": {
"known_affected": [
"T015904",
"T003343",
"T015903",
"T030204",
"67646",
"T015127",
"T015126",
"T004914",
"T015520",
"T022866",
"T022867",
"3479",
"T023017",
"T022864",
"997",
"T022865",
"T024740",
"398363",
"T025611",
"T021398",
"T027014",
"T027013",
"T024052",
"T015518",
"T038317",
"T015516",
"434967",
"1039165",
"T022909",
"T016960",
"T016243",
"T017562",
"T022910",
"T022911",
"T022912",
"2951",
"T002207",
"T034391",
"T000126",
"580789",
"T027843",
"T030747",
"T040501",
"T040500",
"1727",
"T021486"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21449"
},
{
"cve": "CVE-2022-21476",
"product_status": {
"known_affected": [
"T015904",
"T003343",
"T015903",
"T030204",
"67646",
"T015127",
"T015126",
"T004914",
"T015520",
"T022866",
"T022867",
"3479",
"T023017",
"T022864",
"997",
"T022865",
"T024740",
"398363",
"T025611",
"T021398",
"T027014",
"T027013",
"T024052",
"T015518",
"T038317",
"T015516",
"434967",
"1039165",
"T022909",
"T016960",
"T016243",
"T017562",
"T022910",
"T022911",
"T022912",
"2951",
"T002207",
"T034391",
"T000126",
"580789",
"T027843",
"T030747",
"T040501",
"T040500",
"1727",
"T021486"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21476"
},
{
"cve": "CVE-2022-21496",
"product_status": {
"known_affected": [
"T015904",
"T003343",
"T015903",
"T030204",
"67646",
"T015127",
"T015126",
"T004914",
"T015520",
"T022866",
"T022867",
"3479",
"T023017",
"T022864",
"997",
"T022865",
"T024740",
"398363",
"T025611",
"T021398",
"T027014",
"T027013",
"T024052",
"T015518",
"T038317",
"T015516",
"434967",
"1039165",
"T022909",
"T016960",
"T016243",
"T017562",
"T022910",
"T022911",
"T022912",
"2951",
"T002207",
"T034391",
"T000126",
"580789",
"T027843",
"T030747",
"T040501",
"T040500",
"1727",
"T021486"
]
},
"release_date": "2022-04-19T22:00:00.000+00:00",
"title": "CVE-2022-21496"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…