Vulnerability-Lookup

CVE-2022-37603 (GCVE-0-2022-37603)

Vulnerability from cvelistv5 – Published: 2022-10-14 00:00 – Updated: 2025-05-15 14:51

Summary

A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

Assigner

mitre

References

6 references

URL	Tags
https://github.com/webpack/loader-utils/blob/d9f4…
https://github.com/webpack/loader-utils/blob/d9f4…
https://github.com/webpack/loader-utils/issues/213
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T10:29:21.025Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L38"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L107"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/webpack/loader-utils/issues/213"
          },
          {
            "name": "FEDORA-2023-86d75130fe",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAC5KQ2SEWAMQ6UZAUBZ5KXKEOESH375/"
          },
          {
            "name": "FEDORA-2023-a4f0b29f6c",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ERN6YE3DS7NBW7UH44SCJBMNC2NWQ7SM/"
          },
          {
            "name": "FEDORA-2023-2e38c3756f",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNV2GNZXOTEDAJRFH3ZYWRUBGIVL7BSU/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-37603",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-15T14:51:07.504643Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-1333",
                "description": "CWE-1333 Inefficient Regular Expression Complexity",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-15T14:51:37.708Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-30T00:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L38"
        },
        {
          "url": "https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L107"
        },
        {
          "url": "https://github.com/webpack/loader-utils/issues/213"
        },
        {
          "name": "FEDORA-2023-86d75130fe",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAC5KQ2SEWAMQ6UZAUBZ5KXKEOESH375/"
        },
        {
          "name": "FEDORA-2023-a4f0b29f6c",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ERN6YE3DS7NBW7UH44SCJBMNC2NWQ7SM/"
        },
        {
          "name": "FEDORA-2023-2e38c3756f",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNV2GNZXOTEDAJRFH3ZYWRUBGIVL7BSU/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-37603",
    "datePublished": "2022-10-14T00:00:00.000Z",
    "dateReserved": "2022-08-08T00:00:00.000Z",
    "dateUpdated": "2025-05-15T14:51:37.708Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2022-37603",
      "date": "2026-05-27",
      "epss": "0.01331",
      "percentile": "0.80207"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-37603\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2022-10-14T16:15:12.647\",\"lastModified\":\"2025-05-15T15:15:56.750\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js.\"},{\"lang\":\"es\",\"value\":\"Se ha encontrado un fallo de denegaci\u00f3n de servicio de expresi\u00f3n Regular (ReDoS) en la funci\u00f3n interpolateName en el archivo interpolateName.js en webpack loader-utils 2.0.0 por medio de la variable url en interpolateName.js\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1333\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1333\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webpack.js:loader-utils:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.4.2\",\"matchCriteriaId\":\"2D80B42D-76ED-4230-96B9-15EB1830D9E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webpack.js:loader-utils:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0.0\",\"versionEndExcluding\":\"2.0.4\",\"matchCriteriaId\":\"F4F9E61F-7368-4FB3-9F31-961DE4EC04A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webpack.js:loader-utils:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.0\",\"versionEndExcluding\":\"3.2.1\",\"matchCriteriaId\":\"A8197168-0B7C-4BD0-B378-251CAA956A60\"}]}]}],\"references\":[{\"url\":\"https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L107\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L38\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/webpack/loader-utils/issues/213\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ERN6YE3DS7NBW7UH44SCJBMNC2NWQ7SM/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAC5KQ2SEWAMQ6UZAUBZ5KXKEOESH375/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNV2GNZXOTEDAJRFH3ZYWRUBGIVL7BSU/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L107\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L38\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/webpack/loader-utils/issues/213\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ERN6YE3DS7NBW7UH44SCJBMNC2NWQ7SM/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAC5KQ2SEWAMQ6UZAUBZ5KXKEOESH375/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNV2GNZXOTEDAJRFH3ZYWRUBGIVL7BSU/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L38\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L107\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/webpack/loader-utils/issues/213\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAC5KQ2SEWAMQ6UZAUBZ5KXKEOESH375/\", \"name\": \"FEDORA-2023-86d75130fe\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ERN6YE3DS7NBW7UH44SCJBMNC2NWQ7SM/\", \"name\": \"FEDORA-2023-a4f0b29f6c\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNV2GNZXOTEDAJRFH3ZYWRUBGIVL7BSU/\", \"name\": \"FEDORA-2023-2e38c3756f\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T10:29:21.025Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-37603\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-15T14:51:07.504643Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1333\", \"description\": \"CWE-1333 Inefficient Regular Expression Complexity\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-15T14:51:26.620Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L38\"}, {\"url\": \"https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L107\"}, {\"url\": \"https://github.com/webpack/loader-utils/issues/213\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAC5KQ2SEWAMQ6UZAUBZ5KXKEOESH375/\", \"name\": \"FEDORA-2023-86d75130fe\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ERN6YE3DS7NBW7UH44SCJBMNC2NWQ7SM/\", \"name\": \"FEDORA-2023-a4f0b29f6c\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNV2GNZXOTEDAJRFH3ZYWRUBGIVL7BSU/\", \"name\": \"FEDORA-2023-2e38c3756f\", \"tags\": [\"vendor-advisory\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2023-03-30T00:00:00.000Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-37603\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-15T14:51:37.708Z\", \"dateReserved\": \"2022-08-08T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2022-10-14T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

RHSA-2023:1049

Vulnerability from csaf_redhat - Published: 2023-03-01 21:58 - Updated: 2026-05-25 14:25

Summary

Red Hat Security Advisory: Red Hat Single Sign-On 7.6.2 security update

Severity

Important

Notes

Topic: A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.2 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es): * keycloak: XSS on impersonation under specific circumstances (CVE-2022-1438) * Moment.js: Path traversal in moment.locale (CVE-2022-24785) * keycloak: missing email notification template allowlist (CVE-2022-1274) * keycloak: minimist: prototype pollution (CVE-2021-44906) * moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129) * undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations (CVE-2022-2764) * snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857) * loader-utils: loader-utils:Regular expression denial of service (CVE-2022-37603) * keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916) * keycloak: path traversal via double URL encoding (CVE-2022-3782) * snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749) * snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751) * snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750) * keycloak: Client Registration endpoint does not check token revocation (CVE-2023-0091) * keycloak: glob-parent: Regular Expression Denial of Service (CVE-2021-35065) * json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175) * keycloak: keycloak: user impersonation via stolen uuid code (CVE-2023-0264) * snakeyaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471) * CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364) * rcue-bootstrap: bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042) * jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693) * sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047) * jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150) * jettison: parser crash by stackoverflow (CVE-2022-40149) * jackson-databind: use of deeply nested arrays (CVE-2022-42004) * jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003) * jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022) * bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040) * jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358) * CXF: Apache CXF: directory listing / code exfiltration (CVE-2022-46363) * keycloak: reflected XSS attack (CVE-2022-4137) * Keycloak Node.js Adapter: Open redirect vulnerability in checkSSO (CVE-2022-2237) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2018-14040

In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.

6.1 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2018-14042

In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.

6.1 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2019-11358

A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.

5.6 (Medium)


                        
                          CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2020-11022

A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2020-11023

A flaw was found in jQuery. HTML containing \<option\> elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix Workaround

Threats

Exploit Status CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Impact Moderate

CVE-2021-35065

A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix

Threats

Impact Low

CVE-2021-44906

An Uncontrolled Resource Consumption flaw was found in minimist. The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. This flaw (CVE-2021-44906) allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.

3.1 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-1274

A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users.

7.6 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N

CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-1438

A flaw was found in Keycloak. Under specific circumstances, HTML entities are not sanitized during user impersonation, resulting in a Cross-site scripting (XSS) vulnerability.

6.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-1471

A flaw was found in the SnakeYaml package. This flaw allows an attacker to benefit from remote code execution by sending malicious YAML content and this content being deserialized by the constructor. Deserialization is unsafe and leads to Remote Code Execution (RCE).

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix

Threats

Impact Important

CVE-2022-2237

A flaw was found in the Keycloak Node.js Adapter. This flaw allows an attacker to benefit from an Open Redirect vulnerability in the checkSso function.

6.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-2764

A flaw was found in Undertow with EJB invocations. This flaw allows an attacker to generate a valid HTTP request and send it to the server on an established connection after removing the LAST_CHUNK from the bytes, causing a denial of service.

4.2 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix

Threats

Impact Low

CVE-2022-3782

A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix

Threats

Impact Important

CVE-2022-3916

A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.

6.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE-384 - Session Fixation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-4137

A reflected cross-site scripting (XSS) vulnerability was found in the 'oob' OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to interact with a link in order to be vulnerable. This may compromise user details, allowing it to be changed or collected by an attacker.

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE-81 - Improper Neutralization of Script in an Error Message Web Page

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix

Threats

Impact Important

CVE-2022-24785

A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2022-25857

A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix

Threats

Impact Low

CVE-2022-31129

A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service (ReDoS) attacks.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix

Threats

Impact Important

CVE-2022-37603

A flaw was found in loader-utils webpack library. When the url variable from interpolateName is set, the prototype can be polluted. This issue could lead to a regular expression Denial of Service (ReDoS), affecting the availability of the affected component.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-185 - Incorrect Regular Expression

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-38749

A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash, resulting in a denial of service.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-787 - Out-of-bounds Write

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-38750

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-787 - Out-of-bounds Write

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-38751

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-787 - Out-of-bounds Write

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-40149

A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-787 - Out-of-bounds Write

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-40150

A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix

Threats

Impact Low

CVE-2022-42003

A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-502 - Deserialization of Untrusted Data

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-42004

A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-502 - Deserialization of Untrusted Data

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-45047

A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2022-45693

A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-787 - Out-of-bounds Write

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-46175

A flaw was found in the json5 package. The affected version of the json5 package could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse.

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix

Threats

Impact Low

CVE-2022-46363

A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, so the issue can only occur if the CXF service is misconfigured.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-20 - Improper Input Validation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-46364

A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-918 - Server-Side Request Forgery (SSRF)

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix

Threats

Impact Important

CVE-2023-0091

A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information.

3.8 (Low)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

CWE-20 - Improper Input Validation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix

Threats

Impact Low

CVE-2023-0264

A flaw was found in Keycloak's OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, Integrity, and availability.

4.6 (Medium)


                        
                          CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE-303 - Incorrect Implementation of Authentication Algorithm

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix

Threats

Impact Moderate

References

186 references

URL	Category
https://access.redhat.com/errata/RHSA-2023:1049	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=1601614	external
https://bugzilla.redhat.com/show_bug.cgi?id=1601617	external
https://bugzilla.redhat.com/show_bug.cgi?id=1701972	external
https://bugzilla.redhat.com/show_bug.cgi?id=1828406	external
https://bugzilla.redhat.com/show_bug.cgi?id=2031904	external
https://bugzilla.redhat.com/show_bug.cgi?id=2066009	external
https://bugzilla.redhat.com/show_bug.cgi?id=2072009	external
https://bugzilla.redhat.com/show_bug.cgi?id=2073157	external
https://bugzilla.redhat.com/show_bug.cgi?id=2097007	external
https://bugzilla.redhat.com/show_bug.cgi?id=2105075	external
https://bugzilla.redhat.com/show_bug.cgi?id=2117506	external
https://bugzilla.redhat.com/show_bug.cgi?id=2126789	external
https://bugzilla.redhat.com/show_bug.cgi?id=2129706	external
https://bugzilla.redhat.com/show_bug.cgi?id=2129707	external
https://bugzilla.redhat.com/show_bug.cgi?id=2129709	external
https://bugzilla.redhat.com/show_bug.cgi?id=2135244	external
https://bugzilla.redhat.com/show_bug.cgi?id=2135247	external
https://bugzilla.redhat.com/show_bug.cgi?id=2135770	external
https://bugzilla.redhat.com/show_bug.cgi?id=2135771	external
https://bugzilla.redhat.com/show_bug.cgi?id=2138971	external
https://bugzilla.redhat.com/show_bug.cgi?id=2140597	external
https://bugzilla.redhat.com/show_bug.cgi?id=2141404	external
https://bugzilla.redhat.com/show_bug.cgi?id=2145194	external
https://bugzilla.redhat.com/show_bug.cgi?id=2148496	external
https://bugzilla.redhat.com/show_bug.cgi?id=2150009	external
https://bugzilla.redhat.com/show_bug.cgi?id=2155681	external
https://bugzilla.redhat.com/show_bug.cgi?id=2155682	external
https://bugzilla.redhat.com/show_bug.cgi?id=2155970	external
https://bugzilla.redhat.com/show_bug.cgi?id=2156263	external
https://bugzilla.redhat.com/show_bug.cgi?id=2156324	external
https://bugzilla.redhat.com/show_bug.cgi?id=2158585	external
https://bugzilla.redhat.com/show_bug.cgi?id=2160585	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2018-14040	self
https://bugzilla.redhat.com/show_bug.cgi?id=1601614	external
https://www.cve.org/CVERecord?id=CVE-2018-14040	external
https://nvd.nist.gov/vuln/detail/CVE-2018-14040	external
https://access.redhat.com/security/cve/CVE-2018-14042	self
https://bugzilla.redhat.com/show_bug.cgi?id=1601617	external
https://www.cve.org/CVERecord?id=CVE-2018-14042	external
https://nvd.nist.gov/vuln/detail/CVE-2018-14042	external
https://access.redhat.com/security/cve/CVE-2019-11358	self
https://bugzilla.redhat.com/show_bug.cgi?id=1701972	external
https://www.cve.org/CVERecord?id=CVE-2019-11358	external
https://nvd.nist.gov/vuln/detail/CVE-2019-11358	external
https://blog.jquery.com/2019/04/10/jquery-3-4-0-r…	external
https://www.drupal.org/sa-core-2019-006	external
https://access.redhat.com/security/cve/CVE-2020-11022	self
https://bugzilla.redhat.com/show_bug.cgi?id=1828406	external
https://www.cve.org/CVERecord?id=CVE-2020-11022	external
https://nvd.nist.gov/vuln/detail/CVE-2020-11022	external
https://github.com/advisories/GHSA-gxr4-xjj5-5px2	external
https://access.redhat.com/security/cve/CVE-2020-11023	self
https://bugzilla.redhat.com/show_bug.cgi?id=1850004	external
https://www.cve.org/CVERecord?id=CVE-2020-11023	external
https://nvd.nist.gov/vuln/detail/CVE-2020-11023	external
https://blog.jquery.com/2020/04/10/jquery-3-5-0-r…	external
https://www.cisa.gov/known-exploited-vulnerabilit…	external
https://access.redhat.com/security/cve/CVE-2021-35065	self
https://bugzilla.redhat.com/show_bug.cgi?id=2156324	external
https://www.cve.org/CVERecord?id=CVE-2021-35065	external
https://nvd.nist.gov/vuln/detail/CVE-2021-35065	external
https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-…	external
https://access.redhat.com/security/cve/CVE-2021-44906	self
https://bugzilla.redhat.com/show_bug.cgi?id=2066009	external
https://www.cve.org/CVERecord?id=CVE-2021-44906	external
https://nvd.nist.gov/vuln/detail/CVE-2021-44906	external
https://github.com/advisories/GHSA-xvch-5gv4-984h	external
https://access.redhat.com/security/cve/CVE-2022-1274	self
https://bugzilla.redhat.com/show_bug.cgi?id=2073157	external
https://www.cve.org/CVERecord?id=CVE-2022-1274	external
https://nvd.nist.gov/vuln/detail/CVE-2022-1274	external
https://github.com/keycloak/keycloak/security/adv…	external
https://access.redhat.com/security/cve/CVE-2022-1438	self
https://bugzilla.redhat.com/show_bug.cgi?id=2031904	external
https://www.cve.org/CVERecord?id=CVE-2022-1438	external
https://nvd.nist.gov/vuln/detail/CVE-2022-1438	external
https://access.redhat.com/security/cve/CVE-2022-1471	self
https://bugzilla.redhat.com/show_bug.cgi?id=2150009	external
https://www.cve.org/CVERecord?id=CVE-2022-1471	external
https://nvd.nist.gov/vuln/detail/CVE-2022-1471	external
https://github.com/google/security-research/secur…	external
https://access.redhat.com/security/cve/CVE-2022-2237	self
https://bugzilla.redhat.com/show_bug.cgi?id=2097007	external
https://www.cve.org/CVERecord?id=CVE-2022-2237	external
https://nvd.nist.gov/vuln/detail/CVE-2022-2237	external
https://access.redhat.com/security/cve/CVE-2022-2764	self
https://bugzilla.redhat.com/show_bug.cgi?id=2117506	external
https://www.cve.org/CVERecord?id=CVE-2022-2764	external
https://nvd.nist.gov/vuln/detail/CVE-2022-2764	external
https://access.redhat.com/security/cve/CVE-2022-3782	self
https://bugzilla.redhat.com/show_bug.cgi?id=2138971	external
https://www.cve.org/CVERecord?id=CVE-2022-3782	external
https://nvd.nist.gov/vuln/detail/CVE-2022-3782	external
https://access.redhat.com/security/cve/CVE-2022-3916	self
https://bugzilla.redhat.com/show_bug.cgi?id=2141404	external
https://www.cve.org/CVERecord?id=CVE-2022-3916	external
https://nvd.nist.gov/vuln/detail/CVE-2022-3916	external
https://access.redhat.com/security/cve/CVE-2022-4137	self
https://bugzilla.redhat.com/show_bug.cgi?id=2148496	external
https://www.cve.org/CVERecord?id=CVE-2022-4137	external
https://nvd.nist.gov/vuln/detail/CVE-2022-4137	external
https://access.redhat.com/security/cve/CVE-2022-24785	self
https://bugzilla.redhat.com/show_bug.cgi?id=2072009	external
https://www.cve.org/CVERecord?id=CVE-2022-24785	external
https://nvd.nist.gov/vuln/detail/CVE-2022-24785	external
https://github.com/moment/moment/security/advisor…	external
https://access.redhat.com/security/cve/CVE-2022-25857	self
https://bugzilla.redhat.com/show_bug.cgi?id=2126789	external
https://www.cve.org/CVERecord?id=CVE-2022-25857	external
https://nvd.nist.gov/vuln/detail/CVE-2022-25857	external
https://bitbucket.org/snakeyaml/snakeyaml/issues/525	external
https://access.redhat.com/security/cve/CVE-2022-31129	self
https://bugzilla.redhat.com/show_bug.cgi?id=2105075	external
https://www.cve.org/CVERecord?id=CVE-2022-31129	external
https://nvd.nist.gov/vuln/detail/CVE-2022-31129	external
https://github.com/moment/moment/security/advisor…	external
https://access.redhat.com/security/cve/CVE-2022-37603	self
https://bugzilla.redhat.com/show_bug.cgi?id=2140597	external
https://www.cve.org/CVERecord?id=CVE-2022-37603	external
https://nvd.nist.gov/vuln/detail/CVE-2022-37603	external
https://access.redhat.com/security/cve/CVE-2022-38749	self
https://bugzilla.redhat.com/show_bug.cgi?id=2129706	external
https://www.cve.org/CVERecord?id=CVE-2022-38749	external
https://nvd.nist.gov/vuln/detail/CVE-2022-38749	external
https://access.redhat.com/security/cve/CVE-2022-38750	self
https://bugzilla.redhat.com/show_bug.cgi?id=2129707	external
https://www.cve.org/CVERecord?id=CVE-2022-38750	external
https://nvd.nist.gov/vuln/detail/CVE-2022-38750	external
https://access.redhat.com/security/cve/CVE-2022-38751	self
https://bugzilla.redhat.com/show_bug.cgi?id=2129709	external
https://www.cve.org/CVERecord?id=CVE-2022-38751	external
https://nvd.nist.gov/vuln/detail/CVE-2022-38751	external
https://access.redhat.com/security/cve/CVE-2022-40149	self
https://bugzilla.redhat.com/show_bug.cgi?id=2135771	external
https://www.cve.org/CVERecord?id=CVE-2022-40149	external
https://nvd.nist.gov/vuln/detail/CVE-2022-40149	external
https://github.com/jettison-json/jettison/release…	external
https://access.redhat.com/security/cve/CVE-2022-40150	self
https://bugzilla.redhat.com/show_bug.cgi?id=2135770	external
https://www.cve.org/CVERecord?id=CVE-2022-40150	external
https://nvd.nist.gov/vuln/detail/CVE-2022-40150	external
https://access.redhat.com/security/cve/CVE-2022-42003	self
https://bugzilla.redhat.com/show_bug.cgi?id=2135244	external
https://www.cve.org/CVERecord?id=CVE-2022-42003	external
https://nvd.nist.gov/vuln/detail/CVE-2022-42003	external
https://access.redhat.com/security/cve/CVE-2022-42004	self
https://bugzilla.redhat.com/show_bug.cgi?id=2135247	external
https://www.cve.org/CVERecord?id=CVE-2022-42004	external
https://nvd.nist.gov/vuln/detail/CVE-2022-42004	external
https://access.redhat.com/security/cve/CVE-2022-45047	self
https://bugzilla.redhat.com/show_bug.cgi?id=2145194	external
https://www.cve.org/CVERecord?id=CVE-2022-45047	external
https://nvd.nist.gov/vuln/detail/CVE-2022-45047	external
https://www.mail-archive.com/dev@mina.apache.org/…	external
https://access.redhat.com/security/cve/CVE-2022-45693	self
https://bugzilla.redhat.com/show_bug.cgi?id=2155970	external
https://www.cve.org/CVERecord?id=CVE-2022-45693	external
https://nvd.nist.gov/vuln/detail/CVE-2022-45693	external
https://access.redhat.com/security/cve/CVE-2022-46175	self
https://bugzilla.redhat.com/show_bug.cgi?id=2156263	external
https://www.cve.org/CVERecord?id=CVE-2022-46175	external
https://nvd.nist.gov/vuln/detail/CVE-2022-46175	external
https://github.com/json5/json5/security/advisorie…	external
https://access.redhat.com/security/cve/CVE-2022-46363	self
https://bugzilla.redhat.com/show_bug.cgi?id=2155681	external
https://www.cve.org/CVERecord?id=CVE-2022-46363	external
https://nvd.nist.gov/vuln/detail/CVE-2022-46363	external
https://lists.apache.org/thread/pdzo1qgyplf4y523t…	external
https://access.redhat.com/security/cve/CVE-2022-46364	self
https://bugzilla.redhat.com/show_bug.cgi?id=2155682	external
https://www.cve.org/CVERecord?id=CVE-2022-46364	external
https://nvd.nist.gov/vuln/detail/CVE-2022-46364	external
https://cxf.apache.org/security-advisories.data/C…	external
https://access.redhat.com/security/cve/CVE-2023-0091	self
https://bugzilla.redhat.com/show_bug.cgi?id=2158585	external
https://www.cve.org/CVERecord?id=CVE-2023-0091	external
https://nvd.nist.gov/vuln/detail/CVE-2023-0091	external
https://github.com/keycloak/keycloak/security/adv…	external
https://github.com/keycloak/security/issues/27	external
https://access.redhat.com/security/cve/CVE-2023-0264	self
https://bugzilla.redhat.com/show_bug.cgi?id=2160585	external
https://www.cve.org/CVERecord?id=CVE-2023-0264	external
https://nvd.nist.gov/vuln/detail/CVE-2023-0264	external

Acknowledgments

usd AG Marcus Nilsson

SISOFT s.c. Grzegorz Tworek

NETAŞ PENTEST TEAM Aytaç Kalıncı Ilker Bulgurcu Yasin Yılmaz

Trifork Peter Flintholm

https://github.com/souravs17031999 Sourav Kumar

A1 Digital Jordi Zayuelas i Muñoz

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.2 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n* keycloak: XSS on impersonation under specific circumstances (CVE-2022-1438)\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n* keycloak: missing email notification template allowlist (CVE-2022-1274)\n* keycloak: minimist: prototype pollution (CVE-2021-44906)\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n* undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations (CVE-2022-2764)\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n* loader-utils: loader-utils:Regular expression denial of service (CVE-2022-37603)\n* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)\n* snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)\n* keycloak: Client Registration endpoint does not check token revocation (CVE-2023-0091)\n* keycloak: glob-parent: Regular Expression Denial of Service (CVE-2021-35065)\n* json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)\n* keycloak: keycloak: user impersonation via stolen uuid code (CVE-2023-0264)\n* snakeyaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)\n* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)\n* rcue-bootstrap: bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)\n* jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)\n* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)\n* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)\n* jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)\n* CXF: Apache CXF: directory listing / code exfiltration (CVE-2022-46363)\n* keycloak: reflected XSS attack (CVE-2022-4137)\n* Keycloak Node.js Adapter: Open redirect vulnerability in checkSSO (CVE-2022-2237)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2023:1049",
        "url": "https://access.redhat.com/errata/RHSA-2023:1049"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "1601614",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614"
      },
      {
        "category": "external",
        "summary": "1601617",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617"
      },
      {
        "category": "external",
        "summary": "1701972",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972"
      },
      {
        "category": "external",
        "summary": "1828406",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
      },
      {
        "category": "external",
        "summary": "2031904",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031904"
      },
      {
        "category": "external",
        "summary": "2066009",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009"
      },
      {
        "category": "external",
        "summary": "2072009",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009"
      },
      {
        "category": "external",
        "summary": "2073157",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073157"
      },
      {
        "category": "external",
        "summary": "2097007",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097007"
      },
      {
        "category": "external",
        "summary": "2105075",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075"
      },
      {
        "category": "external",
        "summary": "2117506",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117506"
      },
      {
        "category": "external",
        "summary": "2126789",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789"
      },
      {
        "category": "external",
        "summary": "2129706",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129706"
      },
      {
        "category": "external",
        "summary": "2129707",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129707"
      },
      {
        "category": "external",
        "summary": "2129709",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129709"
      },
      {
        "category": "external",
        "summary": "2135244",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
      },
      {
        "category": "external",
        "summary": "2135247",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
      },
      {
        "category": "external",
        "summary": "2135770",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770"
      },
      {
        "category": "external",
        "summary": "2135771",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771"
      },
      {
        "category": "external",
        "summary": "2138971",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138971"
      },
      {
        "category": "external",
        "summary": "2140597",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140597"
      },
      {
        "category": "external",
        "summary": "2141404",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141404"
      },
      {
        "category": "external",
        "summary": "2145194",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194"
      },
      {
        "category": "external",
        "summary": "2148496",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2148496"
      },
      {
        "category": "external",
        "summary": "2150009",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150009"
      },
      {
        "category": "external",
        "summary": "2155681",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155681"
      },
      {
        "category": "external",
        "summary": "2155682",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682"
      },
      {
        "category": "external",
        "summary": "2155970",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970"
      },
      {
        "category": "external",
        "summary": "2156263",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156263"
      },
      {
        "category": "external",
        "summary": "2156324",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324"
      },
      {
        "category": "external",
        "summary": "2158585",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158585"
      },
      {
        "category": "external",
        "summary": "2160585",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160585"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1049.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.2 security update",
    "tracking": {
      "current_release_date": "2026-05-25T14:25:15+00:00",
      "generator": {
        "date": "2026-05-25T14:25:15+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.1"
        }
      },
      "id": "RHSA-2023:1049",
      "initial_release_date": "2023-03-01T21:58:17+00:00",
      "revision_history": [
        {
          "date": "2023-03-01T21:58:17+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2023-03-01T21:58:17+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-05-25T14:25:15+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Single Sign-On 7",
                "product": {
                  "name": "Red Hat Single Sign-On 7",
                  "product_id": "Red Hat Single Sign-On 7",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Single Sign-On"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-14040",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2018-07-13T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1601614"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-14040"
        },
        {
          "category": "external",
          "summary": "RHBZ#1601614",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-14040",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-14040"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040"
        }
      ],
      "release_date": "2018-05-29T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute"
    },
    {
      "cve": "CVE-2018-14042",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2018-07-13T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1601617"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-14042"
        },
        {
          "category": "external",
          "summary": "RHBZ#1601617",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-14042",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-14042"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042"
        }
      ],
      "release_date": "2018-05-29T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip"
    },
    {
      "cve": "CVE-2019-11358",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2019-03-28T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1701972"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-11358"
        },
        {
          "category": "external",
          "summary": "RHBZ#1701972",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-11358",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358"
        },
        {
          "category": "external",
          "summary": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/",
          "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
        },
        {
          "category": "external",
          "summary": "https://www.drupal.org/sa-core-2019-006",
          "url": "https://www.drupal.org/sa-core-2019-006"
        }
      ],
      "release_date": "2019-03-27T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection"
    },
    {
      "cve": "CVE-2020-11022",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2020-04-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1828406"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the \u2018HTML\u2019 function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-11022"
        },
        {
          "category": "external",
          "summary": "RHBZ#1828406",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11022",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2",
          "url": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2"
        }
      ],
      "release_date": "2020-04-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method"
    },
    {
      "cve": "CVE-2020-11023",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2020-06-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1850004"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery\u0027s DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Linux versions 6, 7, and 8 ship a vulnerable version of JQuery in the `pcs` component. As PCS does not accept untrusted input, the vulnerable code cannot be controlled by an attacker.\n\nMultiple Red Hat offerings use doxygen to build documentation. During this process an affected jquery.js file can be included in the resulting package. The \u0027gcc\u0027 and \u0027tbb\u0027 packages were potentially vulnerable via this method.\n\nOpenShift Container Platform 4 is not affected because even though it uses the \u0027gcc\u0027 component, vulnerable code is limited within the libstdc++-docs rpm package, which is not shipped.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-11023"
        },
        {
          "category": "external",
          "summary": "RHBZ#1850004",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11023",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023"
        },
        {
          "category": "external",
          "summary": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/",
          "url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2020-04-29T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        },
        {
          "category": "workaround",
          "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2025-01-23T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods"
    },
    {
      "cve": "CVE-2021-35065",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2022-12-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2156324"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "glob-parent: Regular Expression Denial of Service",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The glob-parent package is a transitive dependency and this is not used directly in any of the Red Hat products. Hence, the impact is reduced to Moderate.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-35065"
        },
        {
          "category": "external",
          "summary": "RHBZ#2156324",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-35065",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-35065"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065"
        },
        {
          "category": "external",
          "summary": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294",
          "url": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294"
        }
      ],
      "release_date": "2022-12-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "glob-parent: Regular Expression Denial of Service"
    },
    {
      "cve": "CVE-2021-44906",
      "cwe": {
        "id": "CWE-1321",
        "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
      },
      "discovery_date": "2022-03-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2066009"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An Uncontrolled Resource Consumption flaw was found in minimist. The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. This flaw (CVE-2021-44906) allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "minimist: prototype pollution",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "As minimist is an argument parsing module for nodejs, exploitation of this vulnerability requires an attacker to influence which arguments are passed to nodejs when running a script. Red Hat products and services are designed in such a way that gaining this ability is not trivial. Additionally, the impact is limited by only enabling the pollution of functions, and not all generic objects.\n\nWithin Red Hat Satellite 6 this flaw has been rated as having a security impact of Low. It is not currently planned to be addressed there, as the minimist library is only included in the -doc subpackage and is part of test fixtures that are not in the execution path used by the rabl gem.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-44906"
        },
        {
          "category": "external",
          "summary": "RHBZ#2066009",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44906",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
          "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h"
        }
      ],
      "release_date": "2022-03-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "minimist: prototype pollution"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Marcus Nilsson"
          ],
          "organization": "usd AG"
        }
      ],
      "cve": "CVE-2022-1274",
      "cwe": {
        "id": "CWE-80",
        "name": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
      },
      "discovery_date": "2022-04-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2073157"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "keycloak: HTML injection in execute-actions-email Admin REST API",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-1274"
        },
        {
          "category": "external",
          "summary": "RHBZ#2073157",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073157"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1274",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-1274"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1274",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1274"
        },
        {
          "category": "external",
          "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725",
          "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725"
        }
      ],
      "release_date": "2023-02-28T18:57:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "keycloak: HTML injection in execute-actions-email Admin REST API"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Grzegorz Tworek"
          ],
          "organization": "SISOFT s.c."
        }
      ],
      "cve": "CVE-2022-1438",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2021-12-13T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2031904"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Keycloak. Under specific circumstances, HTML entities are not sanitized during user impersonation, resulting in a Cross-site scripting (XSS) vulnerability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "keycloak: XSS on impersonation under specific circumstances",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-1438"
        },
        {
          "category": "external",
          "summary": "RHBZ#2031904",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031904"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1438",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-1438"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1438",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1438"
        }
      ],
      "release_date": "2023-02-28T18:56:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "keycloak: XSS on impersonation under specific circumstances"
    },
    {
      "cve": "CVE-2022-1471",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2022-12-01T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2150009"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the SnakeYaml package. This flaw allows an attacker to benefit from remote code execution by sending malicious YAML content and this content being deserialized by the constructor. Deserialization is unsafe and leads to Remote Code Execution (RCE).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "SnakeYaml: Constructor Deserialization Remote Code Execution",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In the Red Hat Process Automation 7 (RHPAM) the untrusted, malicious YAML file for deserialization by the vulnerable Snakeyaml\u0027s SafeConstructor class must be provided intentionally by the RHPAM user which requires high privileges. The potential attack complexity is also high because it depends on conditions that are beyond the attacker\u0027s control. Due to that the impact for RHPAM is reduced to Low.\n\nRed Hat Fuse 7 does not expose by default any endpoint that passes incoming data/request into vulnerable Snakeyaml\u0027s Constructor class nor pass untrusted data to this class. When this class is used, it\u2019s still only used to parse internal configuration, hence the impact by this vulnerability to Red Hat Fuse 7 is reduced to Moderate.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-1471"
        },
        {
          "category": "external",
          "summary": "RHBZ#2150009",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150009"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1471",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1471",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1471"
        },
        {
          "category": "external",
          "summary": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2",
          "url": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2"
        }
      ],
      "release_date": "2022-10-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "SnakeYaml: Constructor Deserialization Remote Code Execution"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Ayta\u00e7 Kal\u0131nc\u0131",
            "Ilker Bulgurcu",
            "Yasin Y\u0131lmaz"
          ],
          "organization": "NETA\u015e PENTEST TEAM"
        }
      ],
      "cve": "CVE-2022-2237",
      "cwe": {
        "id": "CWE-601",
        "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
      },
      "discovery_date": "2022-06-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2097007"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Keycloak Node.js Adapter. This flaw allows an attacker to benefit from an Open Redirect vulnerability in the checkSso function.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Adapter: Open redirect vulnerability in checkSSO",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "CodeReady Studio is no longer supported. Therefore, this flaw will not be addressed in CodeReady Studio. Please see https://developers.redhat.com/articles/2022/04/18/announcement-red-hat-codeready-studio-reaches-end-life for more information.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-2237"
        },
        {
          "category": "external",
          "summary": "RHBZ#2097007",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097007"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2237",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-2237"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2237",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2237"
        }
      ],
      "release_date": "2023-03-01T13:57:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Adapter: Open redirect vulnerability in checkSSO"
    },
    {
      "cve": "CVE-2022-2764",
      "discovery_date": "2022-08-11T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2117506"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Undertow with EJB invocations. This flaw allows an attacker to generate a valid HTTP request and send it to the server on an established connection after removing the LAST_CHUNK from the bytes, causing a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-2764"
        },
        {
          "category": "external",
          "summary": "RHBZ#2117506",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117506"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2764",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-2764"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2764",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2764"
        }
      ],
      "release_date": "2022-08-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations"
    },
    {
      "cve": "CVE-2022-3782",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2022-10-31T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2138971"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "keycloak: path traversal via double URL encoding",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Build of Quarkus is not impacted as this CVE affects the server-side Keycloak execution but Quarkus only acts as a Keycloak client in its quarkus-keycloak-authorization extension. For this reason Quarkus is marked with Low impact.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-3782"
        },
        {
          "category": "external",
          "summary": "RHBZ#2138971",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138971"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-3782",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-3782"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3782",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3782"
        }
      ],
      "release_date": "2022-12-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "keycloak: path traversal via double URL encoding"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Peter Flintholm"
          ],
          "organization": "Trifork"
        }
      ],
      "cve": "CVE-2022-3916",
      "cwe": {
        "id": "CWE-384",
        "name": "Session Fixation"
      },
      "discovery_date": "2022-11-09T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2141404"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "keycloak: Session takeover with OIDC offline refreshtokens",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-3916"
        },
        {
          "category": "external",
          "summary": "RHBZ#2141404",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141404"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-3916",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-3916"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3916",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3916"
        }
      ],
      "release_date": "2022-11-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "keycloak: Session takeover with OIDC offline refreshtokens"
    },
    {
      "cve": "CVE-2022-4137",
      "cwe": {
        "id": "CWE-81",
        "name": "Improper Neutralization of Script in an Error Message Web Page"
      },
      "discovery_date": "2022-11-25T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2148496"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A reflected cross-site scripting (XSS) vulnerability was found in the \u0027oob\u0027 OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to interact with a link in order to be vulnerable. This may compromise user details, allowing it to be changed or collected by an attacker.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "keycloak: reflected XSS attack",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-4137"
        },
        {
          "category": "external",
          "summary": "RHBZ#2148496",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2148496"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-4137",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-4137"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-4137",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4137"
        }
      ],
      "release_date": "2023-03-01T13:56:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "keycloak: reflected XSS attack"
    },
    {
      "cve": "CVE-2022-24785",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2022-04-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2072009"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Moment.js: Path traversal  in moment.locale",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In Quay 3.10 and above, no version of affected momentjs is present.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-24785"
        },
        {
          "category": "external",
          "summary": "RHBZ#2072009",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24785",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-24785"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785"
        },
        {
          "category": "external",
          "summary": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4",
          "url": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4"
        }
      ],
      "release_date": "2022-04-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        },
        {
          "category": "workaround",
          "details": "Sanitize the user-provided locale name before passing it to Moment.js.",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Moment.js: Path traversal  in moment.locale"
    },
    {
      "cve": "CVE-2022-25857",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2022-09-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2126789"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "snakeyaml: Denial of Service due to missing nested depth limitation for collections",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "For RHEL-8 it\u0027s downgraded to moderate because \"snakeyaml\" itself in RHEL 8 or RHEL-9 isn\u0027t shipped and \"prometheus-jmx-exporter\" is needed as build dependency. And it\u0027s not directly exploitable, hence severity marked as moderate.\nRed Hat Integration and AMQ products are not vulnerable to this flaw, so their severity has been lowered to moderate.\nRed Hat Single Sign-On uses snakeyaml from liquibase-core and is only used when performing migrations and would require administrator privileges to execute, hence severity marked as Low.\nRed Hat Fuse 7 is now in Maintenance Support Phase and details about its fix should be present soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-25857"
        },
        {
          "category": "external",
          "summary": "RHBZ#2126789",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25857",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857"
        },
        {
          "category": "external",
          "summary": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525",
          "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525"
        }
      ],
      "release_date": "2022-08-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "snakeyaml: Denial of Service due to missing nested depth limitation for collections"
    },
    {
      "cve": "CVE-2022-31129",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2022-07-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2105075"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service (ReDoS) attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "moment: inefficient parsing algorithm resulting in DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Fuse provides the affected software but does not use the functionality and as such its impact has been downgraded to Low.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) ships a vulnerable version of the moment library. However, this affected functionality is restricted behind OAuth, reducing the impact to Moderate.\n\nRed Hat Satellite ships a vulnerable version of the moment library. However, this only affects a specific component (qpid-dispatch), reducing the impact to Moderate.\n\nRed Hat Ceph Storage (RHCS) ships a vulnerable version of the moment library, however, it is not directly used and is a transitive dependency from Angular. In addition, the impact would only be to the grafana browser, and not the underlying RHCS system, which reduces the impact to Moderate. \n\nRed Hat OpenShift Service Mesh (OSSM) ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nRed Hat OpenShift distributed tracing ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nIn Logging Subsystem for Red Hat OpenShift the vulnerable moment nodejs package is bundled in the ose-logging-kibana6 container as a transitive dependency, hence the direct impact is reduced to Moderate.\n\nIn OpenShift Container Platform 4 the vulnerabile moment package is a third party dependency, hence the direct impact is reduced to Moderate.\n\nIn Quay IO 3.10 and above, no version of affected momentjs is present.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-31129"
        },
        {
          "category": "external",
          "summary": "RHBZ#2105075",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-31129",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-31129"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129"
        },
        {
          "category": "external",
          "summary": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g",
          "url": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g"
        }
      ],
      "release_date": "2022-07-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "moment: inefficient parsing algorithm resulting in DoS"
    },
    {
      "cve": "CVE-2022-37603",
      "cwe": {
        "id": "CWE-185",
        "name": "Incorrect Regular Expression"
      },
      "discovery_date": "2022-11-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2140597"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in loader-utils webpack library. When the url variable from interpolateName is set, the prototype can be polluted. This issue could lead to a regular expression Denial of Service (ReDoS), affecting the availability of the affected component.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "loader-utils: Regular expression denial of service",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-37603"
        },
        {
          "category": "external",
          "summary": "RHBZ#2140597",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140597"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-37603",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-37603"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-37603",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37603"
        }
      ],
      "release_date": "2022-10-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "loader-utils: Regular expression denial of service"
    },
    {
      "cve": "CVE-2022-38749",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2022-09-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2129706"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash, resulting in a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-38749"
        },
        {
          "category": "external",
          "summary": "RHBZ#2129706",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129706"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38749",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-38749"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38749",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38749"
        }
      ],
      "release_date": "2022-09-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode"
    },
    {
      "cve": "CVE-2022-38750",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2022-09-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2129707"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-38750"
        },
        {
          "category": "external",
          "summary": "RHBZ#2129707",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129707"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38750",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-38750"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38750",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38750"
        }
      ],
      "release_date": "2022-09-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject"
    },
    {
      "cve": "CVE-2022-38751",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2022-09-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2129709"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-38751"
        },
        {
          "category": "external",
          "summary": "RHBZ#2129709",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129709"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38751",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-38751"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38751",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38751"
        }
      ],
      "release_date": "2022-09-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match"
    },
    {
      "cve": "CVE-2022-40149",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2022-10-18T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2135771"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jettison: parser crash by stackoverflow",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-40149"
        },
        {
          "category": "external",
          "summary": "RHBZ#2135771",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-40149",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-40149"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149"
        },
        {
          "category": "external",
          "summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1",
          "url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1"
        }
      ],
      "release_date": "2022-09-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jettison: parser crash by stackoverflow"
    },
    {
      "cve": "CVE-2022-40150",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2022-10-18T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2135770"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jettison: memory exhaustion via user-supplied XML or JSON data",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-40150"
        },
        {
          "category": "external",
          "summary": "RHBZ#2135770",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-40150",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-40150"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150"
        },
        {
          "category": "external",
          "summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1",
          "url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1"
        }
      ],
      "release_date": "2022-09-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "jettison: memory exhaustion via user-supplied XML or JSON data"
    },
    {
      "cve": "CVE-2022-42003",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2022-10-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2135244"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-42003"
        },
        {
          "category": "external",
          "summary": "RHBZ#2135244",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42003",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003"
        }
      ],
      "release_date": "2022-10-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS"
    },
    {
      "cve": "CVE-2022-42004",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2022-10-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2135247"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jackson-databind: use of deeply nested arrays",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-42004"
        },
        {
          "category": "external",
          "summary": "RHBZ#2135247",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42004",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004"
        }
      ],
      "release_date": "2022-10-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jackson-databind: use of deeply nested arrays"
    },
    {
      "cve": "CVE-2022-45047",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2022-11-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2145194"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "mina-sshd: Java unsafe deserialization vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Impact as High as there\u0027s a mitigation for minimizing the impact which the flaw requires org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to be impacted, which would require an external/public API for an attacker to benefit from it. \n\nRed Hat Fuse 7 and Red Hat JBoss Enterprise Application Platform 7 have a lower rate (moderate) as it\u0027s very unlikely to be exploited since those are for internal usage or use a custom implementation in their case.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-45047"
        },
        {
          "category": "external",
          "summary": "RHBZ#2145194",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-45047",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-45047"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047"
        },
        {
          "category": "external",
          "summary": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html",
          "url": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html"
        }
      ],
      "release_date": "2022-11-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        },
        {
          "category": "workaround",
          "details": "From the maintainer:\n\nFor Apache MINA SSHD \u003c= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later load your server\u0027s host key. Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of \nSimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser).",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "mina-sshd: Java unsafe deserialization vulnerability"
    },
    {
      "cve": "CVE-2022-45693",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2022-12-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2155970"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat has determined the impact of this flaw to be Moderate; a successful attack using this flaw would require the processing of untrusted, unsanitized, or unrestricted user inputs, which runs counter to established Red Hat security practices.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-45693"
        },
        {
          "category": "external",
          "summary": "RHBZ#2155970",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-45693",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-45693"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693"
        }
      ],
      "release_date": "2022-12-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos"
    },
    {
      "cve": "CVE-2022-46175",
      "cwe": {
        "id": "CWE-1321",
        "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
      },
      "discovery_date": "2022-12-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2156263"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the json5 package. The affected version of the json5 package could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "json5: Prototype Pollution in JSON5 via Parse Method",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The json5 package is a build-time dependency in Red Hat products and is not used in production runtime. Hence, the impact is set to Moderate.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-46175"
        },
        {
          "category": "external",
          "summary": "RHBZ#2156263",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156263"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-46175",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46175",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46175"
        },
        {
          "category": "external",
          "summary": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h",
          "url": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h"
        }
      ],
      "release_date": "2022-12-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "json5: Prototype Pollution in JSON5 via Parse Method"
    },
    {
      "cve": "CVE-2022-46363",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2022-12-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2155681"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, so the issue can only occur if the CXF service is misconfigured.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "CXF: directory listing / code exfiltration",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-46363"
        },
        {
          "category": "external",
          "summary": "RHBZ#2155681",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155681"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-46363",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-46363"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46363",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46363"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c",
          "url": "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c"
        }
      ],
      "release_date": "2022-12-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "CXF: directory listing / code exfiltration"
    },
    {
      "cve": "CVE-2022-46364",
      "cwe": {
        "id": "CWE-918",
        "name": "Server-Side Request Forgery (SSRF)"
      },
      "discovery_date": "2022-12-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2155682"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "CXF: SSRF Vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-46364"
        },
        {
          "category": "external",
          "summary": "RHBZ#2155682",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-46364",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-46364"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364"
        },
        {
          "category": "external",
          "summary": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2",
          "url": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2"
        }
      ],
      "release_date": "2022-12-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "CXF: SSRF Vulnerability"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Sourav Kumar"
          ],
          "organization": "https://github.com/souravs17031999",
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2023-0091",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2022-10-28T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2158585"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "keycloak: Client Registration endpoint does not check token revocation",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-0091"
        },
        {
          "category": "external",
          "summary": "RHBZ#2158585",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158585"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-0091",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-0091"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0091",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0091"
        },
        {
          "category": "external",
          "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-v436-q368-hvgg",
          "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-v436-q368-hvgg"
        },
        {
          "category": "external",
          "summary": "https://github.com/keycloak/security/issues/27",
          "url": "https://github.com/keycloak/security/issues/27"
        }
      ],
      "release_date": "2022-10-28T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "keycloak: Client Registration endpoint does not check token revocation"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Jordi Zayuelas i Mu\u00f1oz"
          ],
          "organization": "A1 Digital",
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2023-0264",
      "cwe": {
        "id": "CWE-303",
        "name": "Incorrect Implementation of Authentication Algorithm"
      },
      "discovery_date": "2023-01-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2160585"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Keycloak\u0027s OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, Integrity, and availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "keycloak: user impersonation via stolen uuid code",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-0264"
        },
        {
          "category": "external",
          "summary": "RHBZ#2160585",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160585"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-0264",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-0264"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0264",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0264"
        }
      ],
      "release_date": "2023-02-28T18:58:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "keycloak: user impersonation via stolen uuid code"
    }
  ]
}

RHSA-2023:1428

Vulnerability from csaf_redhat - Published: 2023-03-23 02:16 - Updated: 2026-05-27 20:17

Summary

Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.8 security and bug fix update

Severity

Important

Notes

Topic: The Migration Toolkit for Containers (MTC) 1.7.8 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Security Fix(es): * decode-uri-component: improper input validation resulting in DoS (CVE-2022-38900) * gin: Unsanitized input in the default logger in github.com/gin-gonic/gin (CVE-2020-36567) * express: "qs" prototype poisoning causes the hang of the node process (CVE-2022-24999) * http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2022-25881) * ua-parser-js: ReDoS vulnerability via the trim() function (CVE-2022-25927) * loader-utils: Regular expression denial of service (CVE-2022-37603) * json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175) * jszip: directory traversal via a crafted ZIP archive (CVE-2022-48285) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * The velero image cannot be overridden in the operator (BZ#2143389) * Adding a MigCluster from UI fails when the domain name has characters more than 6 (BZ#2152149) * UI fails to render the 'migrations' page: "Cannot read properties of undefined (reading 'name')" (BZ#2163485) * Creating DPA resource fails on OCP 4.6 clusters (BZ#2173742)

CVE-2020-36567

A flaw was found in gin. This issue occurs when the default Formatter for the Logger middleware (LoggerConfig.Formatter), which is included in the Default engine, allows attackers to inject arbitrary log entries by manipulating the request path.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-117 - Improper Output Neutralization for Logs

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64		—	Vendor Fix fix

Known not affected 16 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64		—

Threats

Impact Moderate

CVE-2022-24999

A flaw was found in the express.js npm package of nodejs:14 module stream. Express.js Express is vulnerable to a denial of service caused by a prototype pollution flaw in qs. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, a remote attacker can cause a denial of service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64		—	Vendor Fix fix

Known not affected 16 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64		—

Threats

Impact Moderate

CVE-2022-25881

A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1333 - Inefficient Regular Expression Complexity

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64		—	Vendor Fix fix

Known not affected 16 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64		—

Threats

Impact Moderate

CVE-2022-25927

A flaw was found in ua-parser-js. This issue could allow a malicious user to trigger a regular expression denial of service (ReDoS) via the trim() function.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1333 - Inefficient Regular Expression Complexity

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64		—	Vendor Fix fix

Known not affected 16 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64		—

Threats

Impact Moderate

CVE-2022-37603

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-185 - Incorrect Regular Expression

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64		—	Vendor Fix fix

Known not affected 16 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64		—

Threats

Impact Moderate

CVE-2022-38900

A flaw was found in decode-uri-component. This issue occurs due to a specially crafted input, resulting in a denial of service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-20 - Improper Input Validation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64		—	Vendor Fix fix

Known not affected 16 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64		—

Threats

Impact Important

CVE-2022-46175

A flaw was found in the json5 package. The affected version of the json5 package could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse.

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64		—	Vendor Fix fix

Known not affected 16 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64		—

Threats

Impact Moderate

CVE-2022-48285

A flaw was found in the JSZip package. Affected versions of JSZip could allow a remote attacker to traverse directories on the system caused by the failure to sanitize filenames when files are loaded with `loadAsync`, which makes the library vulnerable to a Zip Slip attack. By extracting files from a specially crafted archive, an attacker could gain access to parts of the file system outside of the target folder, overwrite the executable files, and execute arbitrary commands on the system.

7.3 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-23 - Relative Path Traversal

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64		—	Vendor Fix fix

Known not affected 16 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64		—
Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64		—

Threats

Impact Moderate

References

63 references

URL	Category
https://access.redhat.com/errata/RHSA-2023:1428	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2140597	external
https://bugzilla.redhat.com/show_bug.cgi?id=2143389	external
https://bugzilla.redhat.com/show_bug.cgi?id=2150323	external
https://bugzilla.redhat.com/show_bug.cgi?id=2152149	external
https://bugzilla.redhat.com/show_bug.cgi?id=2156263	external
https://bugzilla.redhat.com/show_bug.cgi?id=2156683	external
https://bugzilla.redhat.com/show_bug.cgi?id=2163485	external
https://bugzilla.redhat.com/show_bug.cgi?id=2165020	external
https://bugzilla.redhat.com/show_bug.cgi?id=2165797	external
https://bugzilla.redhat.com/show_bug.cgi?id=2165824	external
https://bugzilla.redhat.com/show_bug.cgi?id=2170644	external
https://bugzilla.redhat.com/show_bug.cgi?id=2173742	external
https://issues.redhat.com/browse/MIG-1298	external
https://issues.redhat.com/browse/MIG-1315	external
https://issues.redhat.com/browse/MIG-1318	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2020-36567	self
https://bugzilla.redhat.com/show_bug.cgi?id=2156683	external
https://www.cve.org/CVERecord?id=CVE-2020-36567	external
https://nvd.nist.gov/vuln/detail/CVE-2020-36567	external
https://github.com/gin-gonic/gin/commit/a71af9c14…	external
https://github.com/gin-gonic/gin/pull/2237	external
https://pkg.go.dev/vuln/GO-2020-0001	external
https://access.redhat.com/security/cve/CVE-2022-24999	self
https://bugzilla.redhat.com/show_bug.cgi?id=2150323	external
https://www.cve.org/CVERecord?id=CVE-2022-24999	external
https://nvd.nist.gov/vuln/detail/CVE-2022-24999	external
https://github.com/expressjs/express/releases/tag…	external
https://github.com/ljharb/qs/pull/428	external
https://github.com/n8tz/CVE-2022-24999	external
https://access.redhat.com/security/cve/CVE-2022-25881	self
https://bugzilla.redhat.com/show_bug.cgi?id=2165824	external
https://www.cve.org/CVERecord?id=CVE-2022-25881	external
https://nvd.nist.gov/vuln/detail/CVE-2022-25881	external
https://access.redhat.com/security/cve/CVE-2022-25927	self
https://bugzilla.redhat.com/show_bug.cgi?id=2165020	external
https://www.cve.org/CVERecord?id=CVE-2022-25927	external
https://nvd.nist.gov/vuln/detail/CVE-2022-25927	external
https://access.redhat.com/security/cve/CVE-2022-37603	self
https://bugzilla.redhat.com/show_bug.cgi?id=2140597	external
https://www.cve.org/CVERecord?id=CVE-2022-37603	external
https://nvd.nist.gov/vuln/detail/CVE-2022-37603	external
https://access.redhat.com/security/cve/CVE-2022-38900	self
https://bugzilla.redhat.com/show_bug.cgi?id=2170644	external
https://www.cve.org/CVERecord?id=CVE-2022-38900	external
https://nvd.nist.gov/vuln/detail/CVE-2022-38900	external
https://github.com/SamVerschueren/decode-uri-comp…	external
https://github.com/advisories/GHSA-w573-4hg7-7wgq	external
https://access.redhat.com/security/cve/CVE-2022-46175	self
https://bugzilla.redhat.com/show_bug.cgi?id=2156263	external
https://www.cve.org/CVERecord?id=CVE-2022-46175	external
https://nvd.nist.gov/vuln/detail/CVE-2022-46175	external
https://github.com/json5/json5/security/advisorie…	external
https://access.redhat.com/security/cve/CVE-2022-48285	self
https://bugzilla.redhat.com/show_bug.cgi?id=2165797	external
https://www.cve.org/CVERecord?id=CVE-2022-48285	external
https://nvd.nist.gov/vuln/detail/CVE-2022-48285	external
https://exchange.xforce.ibmcloud.com/vulnerabilit…	external
https://github.com/Stuk/jszip/commit/2edab366119c…	external
https://github.com/Stuk/jszip/compare/v3.7.1...v3.8.0	external
https://www.mend.io/vulnerability-database/WS-2023-0004	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "The Migration Toolkit for Containers (MTC) 1.7.8 is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.\n\nSecurity Fix(es):\n\n* decode-uri-component: improper input validation resulting in DoS (CVE-2022-38900)\n\n* gin: Unsanitized input in the default logger in github.com/gin-gonic/gin (CVE-2020-36567)\n\n* express: \"qs\" prototype poisoning causes the hang of the node process (CVE-2022-24999)\n\n* http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2022-25881)\n\n* ua-parser-js: ReDoS vulnerability via the trim() function (CVE-2022-25927)\n\n* loader-utils: Regular expression denial of service (CVE-2022-37603)\n\n* json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)\n\n* jszip: directory traversal via a crafted ZIP archive (CVE-2022-48285)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* The velero image cannot be overridden in the operator (BZ#2143389)\n\n* Adding a MigCluster from UI fails when the domain name has characters more than 6 (BZ#2152149)\n\n* UI fails to render the \u0027migrations\u0027 page: \"Cannot read properties of undefined (reading \u0027name\u0027)\" (BZ#2163485)\n\n* Creating DPA resource fails on OCP 4.6 clusters (BZ#2173742)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2023:1428",
        "url": "https://access.redhat.com/errata/RHSA-2023:1428"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2140597",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140597"
      },
      {
        "category": "external",
        "summary": "2143389",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2143389"
      },
      {
        "category": "external",
        "summary": "2150323",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150323"
      },
      {
        "category": "external",
        "summary": "2152149",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2152149"
      },
      {
        "category": "external",
        "summary": "2156263",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156263"
      },
      {
        "category": "external",
        "summary": "2156683",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156683"
      },
      {
        "category": "external",
        "summary": "2163485",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2163485"
      },
      {
        "category": "external",
        "summary": "2165020",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165020"
      },
      {
        "category": "external",
        "summary": "2165797",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165797"
      },
      {
        "category": "external",
        "summary": "2165824",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165824"
      },
      {
        "category": "external",
        "summary": "2170644",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170644"
      },
      {
        "category": "external",
        "summary": "2173742",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2173742"
      },
      {
        "category": "external",
        "summary": "MIG-1298",
        "url": "https://issues.redhat.com/browse/MIG-1298"
      },
      {
        "category": "external",
        "summary": "MIG-1315",
        "url": "https://issues.redhat.com/browse/MIG-1315"
      },
      {
        "category": "external",
        "summary": "MIG-1318",
        "url": "https://issues.redhat.com/browse/MIG-1318"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1428.json"
      }
    ],
    "title": "Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.8 security and bug fix update",
    "tracking": {
      "current_release_date": "2026-05-27T20:17:20+00:00",
      "generator": {
        "date": "2026-05-27T20:17:20+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.1"
        }
      },
      "id": "RHSA-2023:1428",
      "initial_release_date": "2023-03-23T02:16:09+00:00",
      "revision_history": [
        {
          "date": "2023-03-23T02:16:09+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2023-03-23T02:16:09+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-05-27T20:17:20+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "8Base-RHMTC-1.7",
                "product": {
                  "name": "8Base-RHMTC-1.7",
                  "product_id": "8Base-RHMTC-1.7",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhmt:1.7::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Migration Toolkit"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
                  "product_id": "rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-controller-rhel8\u0026tag=v1.7.8-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
                  "product_id": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-hook-runner-rhel8\u0026tag=v1.7.8-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
                  "product_id": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-legacy-rhel8-operator\u0026tag=v1.7.8-10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
                  "product_id": "rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-log-reader-rhel8\u0026tag=v1.7.8-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
                  "product_id": "rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-must-gather-rhel8\u0026tag=v1.7.8-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
                  "product_id": "rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-openvpn-rhel8\u0026tag=v1.7.8-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
                  "product_id": "rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rhel8-operator\u0026tag=v1.7.8-10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
                  "product_id": "rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-operator-bundle\u0026tag=v1.7.8-10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
                  "product_id": "rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-registry-rhel8\u0026tag=v1.7.8-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
                  "product_id": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rsync-transfer-rhel8\u0026tag=v1.7.8-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64",
                  "product_id": "rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-ui-rhel8\u0026tag=v1.7.8-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
                  "product_id": "rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-rhel8\u0026tag=v1.7.8-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
                  "product_id": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-aws-rhel8\u0026tag=v1.7.8-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
                  "product_id": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8\u0026tag=v1.7.8-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
                  "product_id": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8\u0026tag=v1.7.8-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
                  "product_id": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-restic-restore-helper-rhel8\u0026tag=v1.7.8-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64",
                "product": {
                  "name": "rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64",
                  "product_id": "rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-velero-plugin-rhel8\u0026tag=v1.7.8-3"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64 as a component of 8Base-RHMTC-1.7",
          "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64 as a component of 8Base-RHMTC-1.7",
          "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64 as a component of 8Base-RHMTC-1.7",
          "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64 as a component of 8Base-RHMTC-1.7",
          "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64 as a component of 8Base-RHMTC-1.7",
          "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64 as a component of 8Base-RHMTC-1.7",
          "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64 as a component of 8Base-RHMTC-1.7",
          "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64 as a component of 8Base-RHMTC-1.7",
          "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64 as a component of 8Base-RHMTC-1.7",
          "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64 as a component of 8Base-RHMTC-1.7",
          "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64 as a component of 8Base-RHMTC-1.7",
          "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64 as a component of 8Base-RHMTC-1.7",
          "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64 as a component of 8Base-RHMTC-1.7",
          "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64 as a component of 8Base-RHMTC-1.7",
          "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64 as a component of 8Base-RHMTC-1.7",
          "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64 as a component of 8Base-RHMTC-1.7",
          "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64 as a component of 8Base-RHMTC-1.7",
          "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
        },
        "product_reference": "rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.7"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-36567",
      "cwe": {
        "id": "CWE-117",
        "name": "Improper Output Neutralization for Logs"
      },
      "discovery_date": "2022-12-28T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2156683"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in gin. This issue occurs when the default Formatter for the Logger middleware (LoggerConfig.Formatter), which is included in the Default engine, allows attackers to inject arbitrary log entries by manipulating the request path.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "gin: Unsanitized input in the default logger in github.com/gin-gonic/gin",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64"
        ],
        "known_not_affected": [
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-36567"
        },
        {
          "category": "external",
          "summary": "RHBZ#2156683",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156683"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36567",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-36567"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36567",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36567"
        },
        {
          "category": "external",
          "summary": "https://github.com/gin-gonic/gin/commit/a71af9c144f9579f6dbe945341c1df37aaf09c0d",
          "url": "https://github.com/gin-gonic/gin/commit/a71af9c144f9579f6dbe945341c1df37aaf09c0d"
        },
        {
          "category": "external",
          "summary": "https://github.com/gin-gonic/gin/pull/2237",
          "url": "https://github.com/gin-gonic/gin/pull/2237"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2020-0001",
          "url": "https://pkg.go.dev/vuln/GO-2020-0001"
        }
      ],
      "release_date": "2022-12-27T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-23T02:16:09+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1428"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "gin: Unsanitized input in the default logger in github.com/gin-gonic/gin"
    },
    {
      "cve": "CVE-2022-24999",
      "cwe": {
        "id": "CWE-1321",
        "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
      },
      "discovery_date": "2022-12-02T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2150323"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the express.js npm package of nodejs:14 module stream. Express.js Express is vulnerable to a denial of service caused by a prototype pollution flaw in qs. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, a remote attacker can cause a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "express: \"qs\" prototype poisoning causes the hang of the node process",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "- The qs and express Package is not used by the OpenShift Container Platform console directly and is only a third-party package dependency. Hence, it is marked as wontfix. \nAs a result, any services that depend on Openshift for their use of qs and express are marked won\u0027t fix. \n- In OpenShift Service Mesh, \u0027qs\u0027 is hoisted from storybook and node-sass, both are dev dependencies, and the vulnerability is not exposed to end users. Hence marked as wontfix.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64"
        ],
        "known_not_affected": [
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-24999"
        },
        {
          "category": "external",
          "summary": "RHBZ#2150323",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150323"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24999",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-24999"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24999",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24999"
        },
        {
          "category": "external",
          "summary": "https://github.com/expressjs/express/releases/tag/4.17.3",
          "url": "https://github.com/expressjs/express/releases/tag/4.17.3"
        },
        {
          "category": "external",
          "summary": "https://github.com/ljharb/qs/pull/428",
          "url": "https://github.com/ljharb/qs/pull/428"
        },
        {
          "category": "external",
          "summary": "https://github.com/n8tz/CVE-2022-24999",
          "url": "https://github.com/n8tz/CVE-2022-24999"
        }
      ],
      "release_date": "2022-11-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-23T02:16:09+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1428"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "express: \"qs\" prototype poisoning causes the hang of the node process"
    },
    {
      "cve": "CVE-2022-25881",
      "cwe": {
        "id": "CWE-1333",
        "name": "Inefficient Regular Expression Complexity"
      },
      "discovery_date": "2023-01-31T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2165824"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The impact of a succesfull exploiation of this vulnerability will only lead to a denial of service of the system,furthermore the exploitation will require an attacker to specifically craft a regular expression patterns in request headers (i.e. nontrivial input) that trigger pathological regex behavior but since most systems will have limits on header sizes or input validation that reduce the risk of triggering the extreme pathological regex cases which is why this has been marked as moderate.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64"
        ],
        "known_not_affected": [
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-25881"
        },
        {
          "category": "external",
          "summary": "RHBZ#2165824",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165824"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25881",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-25881"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25881",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25881"
        }
      ],
      "release_date": "2023-01-31T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-23T02:16:09+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1428"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability"
    },
    {
      "cve": "CVE-2022-25927",
      "cwe": {
        "id": "CWE-1333",
        "name": "Inefficient Regular Expression Complexity"
      },
      "discovery_date": "2023-01-27T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2165020"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in ua-parser-js. This issue could allow a malicious user to trigger a regular expression denial of service (ReDoS) via the trim() function.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "ua-parser-js: ReDoS vulnerability via the trim() function",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64"
        ],
        "known_not_affected": [
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-25927"
        },
        {
          "category": "external",
          "summary": "RHBZ#2165020",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165020"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25927",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-25927"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25927",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25927"
        }
      ],
      "release_date": "2023-01-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-23T02:16:09+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1428"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "ua-parser-js: ReDoS vulnerability via the trim() function"
    },
    {
      "cve": "CVE-2022-37603",
      "cwe": {
        "id": "CWE-185",
        "name": "Incorrect Regular Expression"
      },
      "discovery_date": "2022-11-07T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2140597"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in loader-utils webpack library. When the url variable from interpolateName is set, the prototype can be polluted. This issue could lead to a regular expression Denial of Service (ReDoS), affecting the availability of the affected component.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "loader-utils: Regular expression denial of service",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64"
        ],
        "known_not_affected": [
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-37603"
        },
        {
          "category": "external",
          "summary": "RHBZ#2140597",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140597"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-37603",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-37603"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-37603",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37603"
        }
      ],
      "release_date": "2022-10-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-23T02:16:09+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1428"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "loader-utils: Regular expression denial of service"
    },
    {
      "cve": "CVE-2022-38900",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2023-02-16T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2170644"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in decode-uri-component. This issue occurs due to a specially crafted input, resulting in a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "decode-uri-component: improper input validation resulting in DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "For OpenShift Container Platform (OCP), Advanced Clusters Management for Kubernetes (ACM) and Advanced Cluster Security (ACS), the NPM decode-uri-component package is only present in source repositories as a development dependency, it is not used in production. Therefore this vulnerability is rated Low for OCP and ACS.\n\nIn Red Hat OpenShift Logging the openshift-logging/kibana6-rhel8 container bundles many nodejs packages as a build time dependencies, including the decode-uri-component package. \nThe vulnerable code is not used, hence the impact to OpenShift Logging by this vulnerability is Low.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64"
        ],
        "known_not_affected": [
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-38900"
        },
        {
          "category": "external",
          "summary": "RHBZ#2170644",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170644"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38900",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38900",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38900"
        },
        {
          "category": "external",
          "summary": "https://github.com/SamVerschueren/decode-uri-component/issues/5",
          "url": "https://github.com/SamVerschueren/decode-uri-component/issues/5"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-w573-4hg7-7wgq",
          "url": "https://github.com/advisories/GHSA-w573-4hg7-7wgq"
        }
      ],
      "release_date": "2022-11-28T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-23T02:16:09+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1428"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "decode-uri-component: improper input validation resulting in DoS"
    },
    {
      "cve": "CVE-2022-46175",
      "cwe": {
        "id": "CWE-1321",
        "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
      },
      "discovery_date": "2022-12-26T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2156263"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the json5 package. The affected version of the json5 package could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "json5: Prototype Pollution in JSON5 via Parse Method",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The json5 package is a build-time dependency in Red Hat products and is not used in production runtime. Hence, the impact is set to Moderate.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64"
        ],
        "known_not_affected": [
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-46175"
        },
        {
          "category": "external",
          "summary": "RHBZ#2156263",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156263"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-46175",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46175",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46175"
        },
        {
          "category": "external",
          "summary": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h",
          "url": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h"
        }
      ],
      "release_date": "2022-12-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-23T02:16:09+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1428"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "json5: Prototype Pollution in JSON5 via Parse Method"
    },
    {
      "cve": "CVE-2022-48285",
      "cwe": {
        "id": "CWE-23",
        "name": "Relative Path Traversal"
      },
      "discovery_date": "2023-01-31T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2165797"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the JSZip package. Affected versions of JSZip could allow a remote attacker to traverse directories on the system caused by the failure to sanitize filenames when files are loaded with `loadAsync`, which makes the library vulnerable to a Zip Slip attack. By extracting files from a specially crafted archive, an attacker could gain access to parts of the file system outside of the target folder, overwrite the executable files, and execute arbitrary commands on the system.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jszip: directory traversal via a crafted ZIP archive",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64"
        ],
        "known_not_affected": [
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-48285"
        },
        {
          "category": "external",
          "summary": "RHBZ#2165797",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165797"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-48285",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-48285"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-48285",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48285"
        },
        {
          "category": "external",
          "summary": "https://exchange.xforce.ibmcloud.com/vulnerabilities/244499",
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/244499"
        },
        {
          "category": "external",
          "summary": "https://github.com/Stuk/jszip/commit/2edab366119c9ee948357c02f1206c28566cdf15",
          "url": "https://github.com/Stuk/jszip/commit/2edab366119c9ee948357c02f1206c28566cdf15"
        },
        {
          "category": "external",
          "summary": "https://github.com/Stuk/jszip/compare/v3.7.1...v3.8.0",
          "url": "https://github.com/Stuk/jszip/compare/v3.7.1...v3.8.0"
        },
        {
          "category": "external",
          "summary": "https://www.mend.io/vulnerability-database/WS-2023-0004",
          "url": "https://www.mend.io/vulnerability-database/WS-2023-0004"
        }
      ],
      "release_date": "2023-01-29T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-23T02:16:09+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1428"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jszip: directory traversal via a crafted ZIP archive"
    }
  ]
}

RHSA-2023:3374

Vulnerability from csaf_redhat - Published: 2023-05-31 10:51 - Updated: 2026-04-01 13:19

Summary

Red Hat Security Advisory: Migration Toolkit for Runtimes security update

Severity

Moderate

Notes

Topic: Migration Toolkit for Runtimes 1.1.0 release Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Migration Toolkit for Runtimes 1.1.0 ZIP artifacts Security Fix(es): * loader-utils: Regular expression denial of service (CVE-2022-37603) * codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS (CVE-2022-41881) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2022-37603

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-185 - Incorrect Regular Expression

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Migration Toolkit for Runtimes 1 on RHEL 8 Red Hat / Migration Toolkit for Runtimes	`cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-41881

A flaw was found in codec-haproxy from the Netty project. This flaw allows an attacker to build a malformed crafted message and cause infinite recursion, causing stack exhaustion and leading to a denial of service (DoS).

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-674 - Uncontrolled Recursion

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Migration Toolkit for Runtimes 1 on RHEL 8 Red Hat / Migration Toolkit for Runtimes	`cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8`	—	Vendor Fix fix

Threats

Impact Moderate

References

14 references

URL	Category
https://access.redhat.com/errata/RHSA-2023:3374	self
https://access.redhat.com/security/updates/classi…	external
https://access.redhat.com/jbossnetwork/restricted…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2140597	external
https://bugzilla.redhat.com/show_bug.cgi?id=2153379	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2022-37603	self
https://bugzilla.redhat.com/show_bug.cgi?id=2140597	external
https://www.cve.org/CVERecord?id=CVE-2022-37603	external
https://nvd.nist.gov/vuln/detail/CVE-2022-37603	external
https://access.redhat.com/security/cve/CVE-2022-41881	self
https://bugzilla.redhat.com/show_bug.cgi?id=2153379	external
https://www.cve.org/CVERecord?id=CVE-2022-41881	external
https://nvd.nist.gov/vuln/detail/CVE-2022-41881	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Migration Toolkit for Runtimes 1.1.0 release\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Migration Toolkit for Runtimes 1.1.0 ZIP artifacts\n\nSecurity Fix(es):\n\n* loader-utils: Regular expression denial of service (CVE-2022-37603)\n\n* codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS (CVE-2022-41881)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2023:3374",
        "url": "https://access.redhat.com/errata/RHSA-2023:3374"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=migration.toolkit.runtimes\u0026downloadType=distributions",
        "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=migration.toolkit.runtimes\u0026downloadType=distributions"
      },
      {
        "category": "external",
        "summary": "2140597",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140597"
      },
      {
        "category": "external",
        "summary": "2153379",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153379"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3374.json"
      }
    ],
    "title": "Red Hat Security Advisory: Migration Toolkit for Runtimes security update",
    "tracking": {
      "current_release_date": "2026-04-01T13:19:40+00:00",
      "generator": {
        "date": "2026-04-01T13:19:40+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.4"
        }
      },
      "id": "RHSA-2023:3374",
      "initial_release_date": "2023-05-31T10:51:35+00:00",
      "revision_history": [
        {
          "date": "2023-05-31T10:51:35+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2023-05-31T10:51:35+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-04-01T13:19:40+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Migration Toolkit for Runtimes 1 on RHEL 8",
                "product": {
                  "name": "Migration Toolkit for Runtimes 1 on RHEL 8",
                  "product_id": "Migration Toolkit for Runtimes 1 on RHEL 8",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Migration Toolkit for Runtimes"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-37603",
      "cwe": {
        "id": "CWE-185",
        "name": "Incorrect Regular Expression"
      },
      "discovery_date": "2022-11-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2140597"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in loader-utils webpack library. When the url variable from interpolateName is set, the prototype can be polluted. This issue could lead to a regular expression Denial of Service (ReDoS), affecting the availability of the affected component.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "loader-utils: Regular expression denial of service",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Migration Toolkit for Runtimes 1 on RHEL 8"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-37603"
        },
        {
          "category": "external",
          "summary": "RHBZ#2140597",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140597"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-37603",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-37603"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-37603",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37603"
        }
      ],
      "release_date": "2022-10-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-05-31T10:51:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Migration Toolkit for Runtimes 1 on RHEL 8"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3374"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Migration Toolkit for Runtimes 1 on RHEL 8"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "loader-utils: Regular expression denial of service"
    },
    {
      "cve": "CVE-2022-41881",
      "cwe": {
        "id": "CWE-674",
        "name": "Uncontrolled Recursion"
      },
      "discovery_date": "2022-12-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2153379"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in codec-haproxy from the Netty project. This flaw allows an attacker to build a malformed crafted message and cause infinite recursion, causing stack exhaustion and leading to a denial of service (DoS).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Migration Toolkit for Runtimes 1 on RHEL 8"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-41881"
        },
        {
          "category": "external",
          "summary": "RHBZ#2153379",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153379"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-41881",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-41881"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41881",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41881"
        }
      ],
      "release_date": "2022-12-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-05-31T10:51:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Migration Toolkit for Runtimes 1 on RHEL 8"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3374"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Migration Toolkit for Runtimes 1 on RHEL 8"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS"
    }
  ]
}

WID-SEC-W-2023-0809

Vulnerability from csaf_certbund - Published: 2023-03-30 22:00 - Updated: 2024-02-19 23:00

Summary

IBM QRadar SIEM: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: IBM QRadar Security Information and Event Management (SIEM) bietet Unterstützung bei der Erkennung und Priorisierung von Sicherheitsbedrohungen im Unternehmen.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM QRadar SIEM ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.

Betroffene Betriebssysteme: - Linux

CVE-2023-22809

In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-4883

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-46364

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-46363

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-45143

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-42890

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-4254

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-42252

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-41966

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-41946

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-41704

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-40156

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-40155

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-40154

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-40153

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-40152

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-40150

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-40149

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-37603

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-37601

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-37599

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-37598

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-3676

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-36364

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-36033

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-34917

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-31197

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-31129

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-2964

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-28733

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-2795

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-25927

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-25901

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-25758

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-25647

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-24999

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-24839

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-24823

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-24785

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-23437

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-22971

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-22970

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-21724

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-21628

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-21626

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-21624

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-21619

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2021-43797

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2021-42740

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2021-42581

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2021-39227

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2021-3918

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2021-3807

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2021-37713

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2021-37712

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2021-37701

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2021-3765

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2021-37137

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2021-37136

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2021-32804

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2021-32803

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2021-29060

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2021-26401

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2021-25220

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2021-23450

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2021-23382

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2021-23368

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2021-23364

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2021-23362

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2021-23343

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2021-21409

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2021-21295

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2021-21290

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2020-7764

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2020-5259

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2020-24025

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2020-15366

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2020-13936

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2019-6286

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2019-6284

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2019-6283

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2019-10785

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2018-8036

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2018-20821

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2018-20190

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2018-19839

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2018-19838

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2018-19827

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2018-19797

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2018-15494

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2018-11698

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2018-11694

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

References

7 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.ibm.com/support/pages/node/6967283	external
https://www.ibm.com/support/pages/node/6967333	external
https://www.ibm.com/support/pages/node/6980799	external
https://www.ibm.com/support/pages/node/7108657	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "IBM QRadar Security Information and Event Management (SIEM) bietet Unterst\u00fctzung bei der Erkennung und Priorisierung von Sicherheitsbedrohungen im Unternehmen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM QRadar SIEM ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-0809 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0809.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-0809 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0809"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin: 6967283 vom 2023-03-30",
        "url": "https://www.ibm.com/support/pages/node/6967283"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin: 6967333 vom 2023-03-30",
        "url": "https://www.ibm.com/support/pages/node/6967333"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 6980799 vom 2023-04-04",
        "url": "https://www.ibm.com/support/pages/node/6980799"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7108657 vom 2024-01-17",
        "url": "https://www.ibm.com/support/pages/node/7108657"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2024-5ECC250449 vom 2024-02-19",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-5ecc250449"
      }
    ],
    "source_lang": "en-US",
    "title": "IBM QRadar SIEM: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-02-19T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:47:38.606+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-0809",
      "initial_release_date": "2023-03-30T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-03-30T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-04-04T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-01-16T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-02-19T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Fedora aufgenommen"
        }
      ],
      "status": "final",
      "version": "4"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Fedora Linux",
            "product": {
              "name": "Fedora Linux",
              "product_id": "74185",
              "product_identification_helper": {
                "cpe": "cpe:/o:fedoraproject:fedora:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Fedora"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "7.5",
                "product": {
                  "name": "IBM QRadar SIEM 7.5",
                  "product_id": "T022954",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:qradar_siem:7.5"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c User Behavior Analytics 4.1.11",
                "product": {
                  "name": "IBM QRadar SIEM \u003c User Behavior Analytics 4.1.11",
                  "product_id": "T027026"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c 7.4.3 FP9",
                "product": {
                  "name": "IBM QRadar SIEM \u003c 7.4.3 FP9",
                  "product_id": "T027027"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c 7.5.0 UP5",
                "product": {
                  "name": "IBM QRadar SIEM \u003c 7.5.0 UP5",
                  "product_id": "T027028"
                }
              }
            ],
            "category": "product_name",
            "name": "QRadar SIEM"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-22809",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2023-22809"
    },
    {
      "cve": "CVE-2022-4883",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-4883"
    },
    {
      "cve": "CVE-2022-46364",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-46364"
    },
    {
      "cve": "CVE-2022-46363",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-46363"
    },
    {
      "cve": "CVE-2022-45143",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-45143"
    },
    {
      "cve": "CVE-2022-42890",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-42890"
    },
    {
      "cve": "CVE-2022-4254",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-4254"
    },
    {
      "cve": "CVE-2022-42252",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-42252"
    },
    {
      "cve": "CVE-2022-41966",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-41966"
    },
    {
      "cve": "CVE-2022-41946",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-41946"
    },
    {
      "cve": "CVE-2022-41704",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-41704"
    },
    {
      "cve": "CVE-2022-40156",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-40156"
    },
    {
      "cve": "CVE-2022-40155",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-40155"
    },
    {
      "cve": "CVE-2022-40154",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-40154"
    },
    {
      "cve": "CVE-2022-40153",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-40153"
    },
    {
      "cve": "CVE-2022-40152",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-40152"
    },
    {
      "cve": "CVE-2022-40150",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-40150"
    },
    {
      "cve": "CVE-2022-40149",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-40149"
    },
    {
      "cve": "CVE-2022-37603",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-37603"
    },
    {
      "cve": "CVE-2022-37601",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-37601"
    },
    {
      "cve": "CVE-2022-37599",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-37599"
    },
    {
      "cve": "CVE-2022-37598",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-37598"
    },
    {
      "cve": "CVE-2022-3676",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-3676"
    },
    {
      "cve": "CVE-2022-36364",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-36364"
    },
    {
      "cve": "CVE-2022-36033",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-36033"
    },
    {
      "cve": "CVE-2022-34917",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-34917"
    },
    {
      "cve": "CVE-2022-31197",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-31197"
    },
    {
      "cve": "CVE-2022-31129",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-31129"
    },
    {
      "cve": "CVE-2022-2964",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-2964"
    },
    {
      "cve": "CVE-2022-28733",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-28733"
    },
    {
      "cve": "CVE-2022-2795",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-2795"
    },
    {
      "cve": "CVE-2022-25927",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-25927"
    },
    {
      "cve": "CVE-2022-25901",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-25901"
    },
    {
      "cve": "CVE-2022-25758",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-25758"
    },
    {
      "cve": "CVE-2022-25647",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-25647"
    },
    {
      "cve": "CVE-2022-24999",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-24999"
    },
    {
      "cve": "CVE-2022-24839",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-24839"
    },
    {
      "cve": "CVE-2022-24823",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-24823"
    },
    {
      "cve": "CVE-2022-24785",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-24785"
    },
    {
      "cve": "CVE-2022-23437",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-23437"
    },
    {
      "cve": "CVE-2022-22971",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-22971"
    },
    {
      "cve": "CVE-2022-22970",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-22970"
    },
    {
      "cve": "CVE-2022-21724",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-21724"
    },
    {
      "cve": "CVE-2022-21628",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-21628"
    },
    {
      "cve": "CVE-2022-21626",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-21626"
    },
    {
      "cve": "CVE-2022-21624",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-21624"
    },
    {
      "cve": "CVE-2022-21619",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-21619"
    },
    {
      "cve": "CVE-2021-43797",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2021-43797"
    },
    {
      "cve": "CVE-2021-42740",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2021-42740"
    },
    {
      "cve": "CVE-2021-42581",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2021-42581"
    },
    {
      "cve": "CVE-2021-39227",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2021-39227"
    },
    {
      "cve": "CVE-2021-3918",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2021-3918"
    },
    {
      "cve": "CVE-2021-3807",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2021-3807"
    },
    {
      "cve": "CVE-2021-37713",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2021-37713"
    },
    {
      "cve": "CVE-2021-37712",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2021-37712"
    },
    {
      "cve": "CVE-2021-37701",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2021-37701"
    },
    {
      "cve": "CVE-2021-3765",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2021-3765"
    },
    {
      "cve": "CVE-2021-37137",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2021-37137"
    },
    {
      "cve": "CVE-2021-37136",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2021-37136"
    },
    {
      "cve": "CVE-2021-32804",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2021-32804"
    },
    {
      "cve": "CVE-2021-32803",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2021-32803"
    },
    {
      "cve": "CVE-2021-29060",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2021-29060"
    },
    {
      "cve": "CVE-2021-26401",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2021-26401"
    },
    {
      "cve": "CVE-2021-25220",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2021-25220"
    },
    {
      "cve": "CVE-2021-23450",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2021-23450"
    },
    {
      "cve": "CVE-2021-23382",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2021-23382"
    },
    {
      "cve": "CVE-2021-23368",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2021-23368"
    },
    {
      "cve": "CVE-2021-23364",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2021-23364"
    },
    {
      "cve": "CVE-2021-23362",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2021-23362"
    },
    {
      "cve": "CVE-2021-23343",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2021-23343"
    },
    {
      "cve": "CVE-2021-21409",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2021-21409"
    },
    {
      "cve": "CVE-2021-21295",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2021-21295"
    },
    {
      "cve": "CVE-2021-21290",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2021-21290"
    },
    {
      "cve": "CVE-2020-7764",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2020-7764"
    },
    {
      "cve": "CVE-2020-5259",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2020-5259"
    },
    {
      "cve": "CVE-2020-24025",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2020-24025"
    },
    {
      "cve": "CVE-2020-15366",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2020-15366"
    },
    {
      "cve": "CVE-2020-13936",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2020-13936"
    },
    {
      "cve": "CVE-2019-6286",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2019-6286"
    },
    {
      "cve": "CVE-2019-6284",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2019-6284"
    },
    {
      "cve": "CVE-2019-6283",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2019-6283"
    },
    {
      "cve": "CVE-2019-10785",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2019-10785"
    },
    {
      "cve": "CVE-2018-8036",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2018-8036"
    },
    {
      "cve": "CVE-2018-20821",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2018-20821"
    },
    {
      "cve": "CVE-2018-20190",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2018-20190"
    },
    {
      "cve": "CVE-2018-19839",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2018-19839"
    },
    {
      "cve": "CVE-2018-19838",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2018-19838"
    },
    {
      "cve": "CVE-2018-19827",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2018-19827"
    },
    {
      "cve": "CVE-2018-19797",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2018-19797"
    },
    {
      "cve": "CVE-2018-15494",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2018-15494"
    },
    {
      "cve": "CVE-2018-11698",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2018-11698"
    },
    {
      "cve": "CVE-2018-11694",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2018-11694"
    }
  ]
}

WID-SEC-W-2023-1350

Vulnerability from csaf_certbund - Published: 2023-06-01 22:00 - Updated: 2025-11-18 23:00

Summary

Splunk Splunk Enterprise: Mehrere Schwachstellen in Komponenten von Drittanbietern

Severity

Mittel

Notes

Produktbeschreibung: Splunk Enterprise ermöglicht Monitoring und Analyse von Clickstream-Daten und Kundentransaktionen.

Angriff: Ein Angreifer kann mehrere Schwachstellen in Splunk Splunk Enterprise in diversen Komponenten von Drittanbietern ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.

Betroffene Betriebssysteme: - Linux - Sonstiges - UNIX - Windows

CVE-2017-16042

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2018-25032

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2019-10744

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2019-10746

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2019-20149

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-13822

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-15138

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-28469

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-7662

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-7753

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-7774

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-8116

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-8169

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-8177

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-8203

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-8231

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-8284

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-8285

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-8286

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-20095

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22876

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22890

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22897

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22898

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22901

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22922

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22923

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22924

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22925

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22926

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22945

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22946

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22947

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-23343

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-23368

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-23382

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-27292

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-29060

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-31566

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-33502

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-33503

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-33587

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-3520

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-36976

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-3803

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-43565

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-1705

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-1962

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-22576

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-23491

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-23772

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-23773

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-23806

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-24675

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-24921

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-24999

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-25858

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-27191

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-27664

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-27774

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-27775

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-27776

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-27778

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-27779

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-27780

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-27781

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-27782

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-28131

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-28327

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-2879

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-2880

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-29526

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-29804

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-30115

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-30580

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-30629

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-30630

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-30631

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-30632

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-30633

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-30634

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-30635

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-31129

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-32148

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-32189

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-32205

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-32206

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-32207

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-32208

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-32221

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-33987

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-3517

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-35252

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-35260

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-35737

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-36227

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-37434

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-37599

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-37601

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-37603

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-37616

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-38900

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-40023

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-40303

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-40304

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-41715

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-41716

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-41720

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-4200

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-42004

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-42915

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-42916

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-4304

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-43551

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-43552

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-43680

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-46175

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-0215

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-0286

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-1370

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-23914

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-23915

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-23916

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-27533

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-27534

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-27535

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-27536

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-27537

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-27538

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

References

8 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://advisory.splunk.com/advisories/SVD-2023-0613	external
https://www.ibm.com/support/pages/node/7008449	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://confluence.atlassian.com/security/securit…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Splunk Enterprise erm\u00f6glicht Monitoring und Analyse von Clickstream-Daten und Kundentransaktionen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Splunk Splunk Enterprise in diversen Komponenten von Drittanbietern ausnutzen, um einen nicht n\u00e4her spezifizierten Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-1350 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1350.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-1350 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1350"
      },
      {
        "category": "external",
        "summary": "Splunk Enterprise Security Advisory SVD-2023-0613 vom 2023-06-01",
        "url": "https://advisory.splunk.com/advisories/SVD-2023-0613"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7008449 vom 2023-06-29",
        "url": "https://www.ibm.com/support/pages/node/7008449"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0196-1 vom 2024-01-23",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-January/017743.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0487-1 vom 2024-02-15",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-February/017931.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0486-1 vom 2024-02-15",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-February/017932.html"
      },
      {
        "category": "external",
        "summary": "Atlassian Security Bulletin - November 18 2025",
        "url": "https://confluence.atlassian.com/security/security-bulletin-november-18-2025-1671463469.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Splunk Splunk Enterprise: Mehrere Schwachstellen in Komponenten von Drittanbietern",
    "tracking": {
      "current_release_date": "2025-11-18T23:00:00.000+00:00",
      "generator": {
        "date": "2025-11-19T09:42:52.592+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2023-1350",
      "initial_release_date": "2023-06-01T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-06-01T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-06-29T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-01-23T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-02-15T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2025-11-18T23:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates aufgenommen"
        }
      ],
      "status": "final",
      "version": "5"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c10.1.1",
                "product": {
                  "name": "Atlassian Confluence \u003c10.1.1",
                  "product_id": "T048680"
                }
              },
              {
                "category": "product_version",
                "name": "10.1.1",
                "product": {
                  "name": "Atlassian Confluence 10.1.1",
                  "product_id": "T048680-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:10.1.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c10.0.2",
                "product": {
                  "name": "Atlassian Confluence \u003c10.0.2",
                  "product_id": "T048685"
                }
              },
              {
                "category": "product_version",
                "name": "10.0.2",
                "product": {
                  "name": "Atlassian Confluence 10.0.2",
                  "product_id": "T048685-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:10.0.2"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.2.7",
                "product": {
                  "name": "Atlassian Confluence \u003c9.2.7",
                  "product_id": "T048686"
                }
              },
              {
                "category": "product_version",
                "name": "9.2.7",
                "product": {
                  "name": "Atlassian Confluence 9.2.7",
                  "product_id": "T048686-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:9.2.7"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c8.5.25",
                "product": {
                  "name": "Atlassian Confluence \u003c8.5.25",
                  "product_id": "T048687"
                }
              },
              {
                "category": "product_version",
                "name": "8.5.25",
                "product": {
                  "name": "Atlassian Confluence 8.5.25",
                  "product_id": "T048687-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:8.5.25"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Confluence"
          }
        ],
        "category": "vendor",
        "name": "Atlassian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "IBM DB2",
            "product": {
              "name": "IBM DB2",
              "product_id": "5104",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:db2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c8.1.14",
                "product": {
                  "name": "Splunk Splunk Enterprise \u003c8.1.14",
                  "product_id": "T027935"
                }
              },
              {
                "category": "product_version",
                "name": "8.1.14",
                "product": {
                  "name": "Splunk Splunk Enterprise 8.1.14",
                  "product_id": "T027935-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:splunk:splunk:8.1.14"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c8.2.11",
                "product": {
                  "name": "Splunk Splunk Enterprise \u003c8.2.11",
                  "product_id": "T027936"
                }
              },
              {
                "category": "product_version",
                "name": "8.2.11",
                "product": {
                  "name": "Splunk Splunk Enterprise 8.2.11",
                  "product_id": "T027936-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:splunk:splunk:8.2.11"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.0.5",
                "product": {
                  "name": "Splunk Splunk Enterprise \u003c9.0.5",
                  "product_id": "T027937"
                }
              },
              {
                "category": "product_version",
                "name": "9.0.5",
                "product": {
                  "name": "Splunk Splunk Enterprise 9.0.5",
                  "product_id": "T027937-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:splunk:splunk:9.0.5"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Splunk Enterprise"
          }
        ],
        "category": "vendor",
        "name": "Splunk"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-16042",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2017-16042"
    },
    {
      "cve": "CVE-2018-25032",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2018-25032"
    },
    {
      "cve": "CVE-2019-10744",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2019-10744"
    },
    {
      "cve": "CVE-2019-10746",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2019-10746"
    },
    {
      "cve": "CVE-2019-20149",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2019-20149"
    },
    {
      "cve": "CVE-2020-13822",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-13822"
    },
    {
      "cve": "CVE-2020-15138",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-15138"
    },
    {
      "cve": "CVE-2020-28469",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-28469"
    },
    {
      "cve": "CVE-2020-7662",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-7662"
    },
    {
      "cve": "CVE-2020-7753",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-7753"
    },
    {
      "cve": "CVE-2020-7774",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-7774"
    },
    {
      "cve": "CVE-2020-8116",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-8116"
    },
    {
      "cve": "CVE-2020-8169",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-8169"
    },
    {
      "cve": "CVE-2020-8177",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-8177"
    },
    {
      "cve": "CVE-2020-8203",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-8203"
    },
    {
      "cve": "CVE-2020-8231",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-8231"
    },
    {
      "cve": "CVE-2020-8284",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-8284"
    },
    {
      "cve": "CVE-2020-8285",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-8285"
    },
    {
      "cve": "CVE-2020-8286",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-8286"
    },
    {
      "cve": "CVE-2021-20095",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-20095"
    },
    {
      "cve": "CVE-2021-22876",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-22876"
    },
    {
      "cve": "CVE-2021-22890",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-22890"
    },
    {
      "cve": "CVE-2021-22897",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-22897"
    },
    {
      "cve": "CVE-2021-22898",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-22898"
    },
    {
      "cve": "CVE-2021-22901",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-22901"
    },
    {
      "cve": "CVE-2021-22922",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-22922"
    },
    {
      "cve": "CVE-2021-22923",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-22923"
    },
    {
      "cve": "CVE-2021-22924",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-22924"
    },
    {
      "cve": "CVE-2021-22925",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-22925"
    },
    {
      "cve": "CVE-2021-22926",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-22926"
    },
    {
      "cve": "CVE-2021-22945",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-22945"
    },
    {
      "cve": "CVE-2021-22946",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-22946"
    },
    {
      "cve": "CVE-2021-22947",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-22947"
    },
    {
      "cve": "CVE-2021-23343",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-23343"
    },
    {
      "cve": "CVE-2021-23368",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-23368"
    },
    {
      "cve": "CVE-2021-23382",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-23382"
    },
    {
      "cve": "CVE-2021-27292",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-27292"
    },
    {
      "cve": "CVE-2021-29060",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-29060"
    },
    {
      "cve": "CVE-2021-31566",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-31566"
    },
    {
      "cve": "CVE-2021-33502",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-33502"
    },
    {
      "cve": "CVE-2021-33503",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-33503"
    },
    {
      "cve": "CVE-2021-33587",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-33587"
    },
    {
      "cve": "CVE-2021-3520",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-3520"
    },
    {
      "cve": "CVE-2021-36976",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-36976"
    },
    {
      "cve": "CVE-2021-3803",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-3803"
    },
    {
      "cve": "CVE-2021-43565",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-43565"
    },
    {
      "cve": "CVE-2022-1705",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-1705"
    },
    {
      "cve": "CVE-2022-1962",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-1962"
    },
    {
      "cve": "CVE-2022-22576",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-22576"
    },
    {
      "cve": "CVE-2022-23491",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-23491"
    },
    {
      "cve": "CVE-2022-23772",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-23772"
    },
    {
      "cve": "CVE-2022-23773",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-23773"
    },
    {
      "cve": "CVE-2022-23806",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-23806"
    },
    {
      "cve": "CVE-2022-24675",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-24675"
    },
    {
      "cve": "CVE-2022-24921",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-24921"
    },
    {
      "cve": "CVE-2022-24999",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-24999"
    },
    {
      "cve": "CVE-2022-25858",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-25858"
    },
    {
      "cve": "CVE-2022-27191",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-27191"
    },
    {
      "cve": "CVE-2022-27664",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-27664"
    },
    {
      "cve": "CVE-2022-27774",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-27774"
    },
    {
      "cve": "CVE-2022-27775",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-27775"
    },
    {
      "cve": "CVE-2022-27776",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-27776"
    },
    {
      "cve": "CVE-2022-27778",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-27778"
    },
    {
      "cve": "CVE-2022-27779",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-27779"
    },
    {
      "cve": "CVE-2022-27780",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-27780"
    },
    {
      "cve": "CVE-2022-27781",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-27781"
    },
    {
      "cve": "CVE-2022-27782",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-27782"
    },
    {
      "cve": "CVE-2022-28131",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-28131"
    },
    {
      "cve": "CVE-2022-28327",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-28327"
    },
    {
      "cve": "CVE-2022-2879",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-2879"
    },
    {
      "cve": "CVE-2022-2880",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-2880"
    },
    {
      "cve": "CVE-2022-29526",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-29526"
    },
    {
      "cve": "CVE-2022-29804",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-29804"
    },
    {
      "cve": "CVE-2022-30115",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-30115"
    },
    {
      "cve": "CVE-2022-30580",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-30580"
    },
    {
      "cve": "CVE-2022-30629",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-30629"
    },
    {
      "cve": "CVE-2022-30630",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-30630"
    },
    {
      "cve": "CVE-2022-30631",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-30631"
    },
    {
      "cve": "CVE-2022-30632",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-30632"
    },
    {
      "cve": "CVE-2022-30633",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-30633"
    },
    {
      "cve": "CVE-2022-30634",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-30634"
    },
    {
      "cve": "CVE-2022-30635",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-30635"
    },
    {
      "cve": "CVE-2022-31129",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-31129"
    },
    {
      "cve": "CVE-2022-32148",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-32148"
    },
    {
      "cve": "CVE-2022-32189",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-32189"
    },
    {
      "cve": "CVE-2022-32205",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-32205"
    },
    {
      "cve": "CVE-2022-32206",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-32206"
    },
    {
      "cve": "CVE-2022-32207",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-32207"
    },
    {
      "cve": "CVE-2022-32208",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-32208"
    },
    {
      "cve": "CVE-2022-32221",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-32221"
    },
    {
      "cve": "CVE-2022-33987",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-33987"
    },
    {
      "cve": "CVE-2022-3517",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-3517"
    },
    {
      "cve": "CVE-2022-35252",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-35252"
    },
    {
      "cve": "CVE-2022-35260",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-35260"
    },
    {
      "cve": "CVE-2022-35737",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-35737"
    },
    {
      "cve": "CVE-2022-36227",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-36227"
    },
    {
      "cve": "CVE-2022-37434",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-37434"
    },
    {
      "cve": "CVE-2022-37599",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-37599"
    },
    {
      "cve": "CVE-2022-37601",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-37601"
    },
    {
      "cve": "CVE-2022-37603",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-37603"
    },
    {
      "cve": "CVE-2022-37616",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-37616"
    },
    {
      "cve": "CVE-2022-38900",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-38900"
    },
    {
      "cve": "CVE-2022-40023",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-40023"
    },
    {
      "cve": "CVE-2022-40303",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-40303"
    },
    {
      "cve": "CVE-2022-40304",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-40304"
    },
    {
      "cve": "CVE-2022-41715",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-41715"
    },
    {
      "cve": "CVE-2022-41716",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-41716"
    },
    {
      "cve": "CVE-2022-41720",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-41720"
    },
    {
      "cve": "CVE-2022-4200",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-4200"
    },
    {
      "cve": "CVE-2022-42004",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-42004"
    },
    {
      "cve": "CVE-2022-42915",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-42915"
    },
    {
      "cve": "CVE-2022-42916",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-42916"
    },
    {
      "cve": "CVE-2022-4304",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-4304"
    },
    {
      "cve": "CVE-2022-43551",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-43551"
    },
    {
      "cve": "CVE-2022-43552",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-43552"
    },
    {
      "cve": "CVE-2022-43680",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-43680"
    },
    {
      "cve": "CVE-2022-46175",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-46175"
    },
    {
      "cve": "CVE-2023-0215",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2023-0215"
    },
    {
      "cve": "CVE-2023-0286",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2023-0286"
    },
    {
      "cve": "CVE-2023-1370",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2023-1370"
    },
    {
      "cve": "CVE-2023-23914",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2023-23914"
    },
    {
      "cve": "CVE-2023-23915",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2023-23915"
    },
    {
      "cve": "CVE-2023-23916",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2023-23916"
    },
    {
      "cve": "CVE-2023-27533",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2023-27533"
    },
    {
      "cve": "CVE-2023-27534",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2023-27534"
    },
    {
      "cve": "CVE-2023-27535",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2023-27535"
    },
    {
      "cve": "CVE-2023-27536",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2023-27536"
    },
    {
      "cve": "CVE-2023-27537",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2023-27537"
    },
    {
      "cve": "CVE-2023-27538",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2023-27538"
    }
  ]
}

WID-SEC-W-2023-2229

Vulnerability from csaf_certbund - Published: 2023-08-30 22:00 - Updated: 2025-11-18 23:00

Summary

Splunk Splunk Enterprise: Mehrere Schwachstellen

Severity

Hoch

Notes

Produktbeschreibung: Splunk Enterprise ermöglicht Monitoring und Analyse von Clickstream-Daten und Kundentransaktionen.

Angriff: Ein entfernter, authentifizierter Angreifer kann mehrere Schwachstellen in Splunk Splunk Enterprise ausnutzen, um beliebigen Code auszuführen, einen 'Denial of Service'-Zustand zu verursachen, seine Privilegien zu erweitern und weitere, nicht spezifizierte Auswirkungen zu verursachen.

Betroffene Betriebssysteme: - Linux - MacOS X - Windows

CVE-2013-7489

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2018-10237

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2018-20225

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2019-20454

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2019-20838

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-14155

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-28469

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-28851

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-29652

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-8169

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-8177

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-8231

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-8284

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-8285

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-8286

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-8908

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-20066

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22569

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22876

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22890

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22897

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22898

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22901

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22922

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22923

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22924

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22925

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22926

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22945

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22946

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22947

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-23343

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-23382

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-27918

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-27919

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-29060

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-29425

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-29923

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-31525

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-31566

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-33194

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-33195

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-33196

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-33197

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-33198

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-34558

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-3520

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-3572

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-36221

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-36976

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-3803

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-38297

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-38561

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-39293

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-41182

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-41183

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-41184

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-41771

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-41772

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-43565

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-44716

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-44717

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-1705

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-1941

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-1962

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-22576

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-2309

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-23491

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-23772

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-23773

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-23806

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-24675

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-24921

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-24999

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-25881

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-27191

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-27536

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-27664

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-27774

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-27775

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-27776

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-27778

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-27779

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-27780

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-27781

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-27782

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-28131

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-28327

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-2879

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-2880

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-29526

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-29804

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-30115

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-30580

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-30629

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-30630

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-30631

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-30632

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-30633

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-30634

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-30635

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-31129

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-3171

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-32148

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-32149

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-32189

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-32205

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-32206

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-32207

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-32208

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-32221

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-33987

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-3509

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-3510

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-3517

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-35252

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-35260

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-35737

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-36227

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-37599

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-37601

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-37603

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-38900

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-40023

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-40897

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-40899

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-41715

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-41716

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-41720

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-41722

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-42003

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-42004

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-42915

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-42916

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-43551

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-43552

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-46175

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-23914

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-23915

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-23916

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-24539

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-24540

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-27533

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-27534

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-27535

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-27536

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-27537

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-27538

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-29400

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-29402

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-29403

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-29404

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-29405

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-40592

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-40593

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-40594

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-40595

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-40596

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-40597

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-40598

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

References

16 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://advisory.splunk.com//advisories/SVD-2023-0801	external
https://advisory.splunk.com//advisories/SVD-2023-0802	external
https://advisory.splunk.com//advisories/SVD-2023-0803	external
https://advisory.splunk.com//advisories/SVD-2023-0804	external
https://advisory.splunk.com//advisories/SVD-2023-0805	external
https://advisory.splunk.com//advisories/SVD-2023-0806	external
https://advisory.splunk.com//advisories/SVD-2023-0807	external
https://advisory.splunk.com//advisories/SVD-2023-0808	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://linux.oracle.com/errata/ELSA-2024-2988.html	external
https://advisory.splunk.com/advisories/SVD-2024-0718	external
https://advisory.splunk.com//advisories/SVD-2024-0801	external
https://lists.opensuse.org/archives/list/security…	external
https://confluence.atlassian.com/security/securit…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Splunk Enterprise erm\u00f6glicht Monitoring und Analyse von Clickstream-Daten und Kundentransaktionen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, authentifizierter Angreifer kann mehrere Schwachstellen in Splunk Splunk Enterprise ausnutzen, um beliebigen Code auszuf\u00fchren, einen \u0027Denial of Service\u0027-Zustand zu verursachen, seine Privilegien zu erweitern und weitere, nicht spezifizierte Auswirkungen zu verursachen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- MacOS X\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-2229 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2229.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-2229 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2229"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory vom 2023-08-30",
        "url": "https://advisory.splunk.com//advisories/SVD-2023-0801"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory vom 2023-08-30",
        "url": "https://advisory.splunk.com//advisories/SVD-2023-0802"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory vom 2023-08-30",
        "url": "https://advisory.splunk.com//advisories/SVD-2023-0803"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory vom 2023-08-30",
        "url": "https://advisory.splunk.com//advisories/SVD-2023-0804"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory vom 2023-08-30",
        "url": "https://advisory.splunk.com//advisories/SVD-2023-0805"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory vom 2023-08-30",
        "url": "https://advisory.splunk.com//advisories/SVD-2023-0806"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory vom 2023-08-30",
        "url": "https://advisory.splunk.com//advisories/SVD-2023-0807"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory vom 2023-08-30",
        "url": "https://advisory.splunk.com//advisories/SVD-2023-0808"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0196-1 vom 2024-01-23",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-January/017743.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-2988 vom 2024-05-28",
        "url": "https://linux.oracle.com/errata/ELSA-2024-2988.html"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory SVD-2024-0718 vom 2024-07-02",
        "url": "https://advisory.splunk.com/advisories/SVD-2024-0718"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory SVD-2024-0801 vom 2024-08-12",
        "url": "https://advisory.splunk.com//advisories/SVD-2024-0801"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:03545-1 vom 2025-10-13",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UB7MGNRMXC5LO5Y66FLOE354VVU5ULQK/"
      },
      {
        "category": "external",
        "summary": "Atlassian Security Bulletin - November 18 2025",
        "url": "https://confluence.atlassian.com/security/security-bulletin-november-18-2025-1671463469.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Splunk Splunk Enterprise: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-11-18T23:00:00.000+00:00",
      "generator": {
        "date": "2025-11-19T09:42:41.445+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2023-2229",
      "initial_release_date": "2023-08-30T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-08-30T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-01-23T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-05-28T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2024-07-01T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Splunk-SVD aufgenommen"
        },
        {
          "date": "2024-08-12T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Splunk-SVD aufgenommen"
        },
        {
          "date": "2025-10-12T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2025-11-18T23:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates aufgenommen"
        }
      ],
      "status": "final",
      "version": "7"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c10.1.1",
                "product": {
                  "name": "Atlassian Confluence \u003c10.1.1",
                  "product_id": "T048680"
                }
              },
              {
                "category": "product_version",
                "name": "10.1.1",
                "product": {
                  "name": "Atlassian Confluence 10.1.1",
                  "product_id": "T048680-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:10.1.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c10.0.2",
                "product": {
                  "name": "Atlassian Confluence \u003c10.0.2",
                  "product_id": "T048685"
                }
              },
              {
                "category": "product_version",
                "name": "10.0.2",
                "product": {
                  "name": "Atlassian Confluence 10.0.2",
                  "product_id": "T048685-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:10.0.2"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.2.7",
                "product": {
                  "name": "Atlassian Confluence \u003c9.2.7",
                  "product_id": "T048686"
                }
              },
              {
                "category": "product_version",
                "name": "9.2.7",
                "product": {
                  "name": "Atlassian Confluence 9.2.7",
                  "product_id": "T048686-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:9.2.7"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c8.5.25",
                "product": {
                  "name": "Atlassian Confluence \u003c8.5.25",
                  "product_id": "T048687"
                }
              },
              {
                "category": "product_version",
                "name": "8.5.25",
                "product": {
                  "name": "Atlassian Confluence 8.5.25",
                  "product_id": "T048687-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:8.5.25"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Confluence"
          }
        ],
        "category": "vendor",
        "name": "Atlassian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Splunk Splunk Enterprise",
                "product": {
                  "name": "Splunk Splunk Enterprise",
                  "product_id": "T008911",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:splunk:splunk:-"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.1.1",
                "product": {
                  "name": "Splunk Splunk Enterprise \u003c9.1.1",
                  "product_id": "T029634"
                }
              },
              {
                "category": "product_version",
                "name": "9.1.1",
                "product": {
                  "name": "Splunk Splunk Enterprise 9.1.1",
                  "product_id": "T029634-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:splunk:splunk:9.1.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.0.6",
                "product": {
                  "name": "Splunk Splunk Enterprise \u003c9.0.6",
                  "product_id": "T029635"
                }
              },
              {
                "category": "product_version",
                "name": "9.0.6",
                "product": {
                  "name": "Splunk Splunk Enterprise 9.0.6",
                  "product_id": "T029635-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:splunk:splunk:9.0.6"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c8.2.12",
                "product": {
                  "name": "Splunk Splunk Enterprise \u003c8.2.12",
                  "product_id": "T029636"
                }
              },
              {
                "category": "product_version",
                "name": "8.2.12",
                "product": {
                  "name": "Splunk Splunk Enterprise 8.2.12",
                  "product_id": "T029636-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:splunk:splunk:8.2.12"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.2.1",
                "product": {
                  "name": "Splunk Splunk Enterprise \u003c9.2.1",
                  "product_id": "T033705"
                }
              },
              {
                "category": "product_version",
                "name": "9.2.1",
                "product": {
                  "name": "Splunk Splunk Enterprise 9.2.1",
                  "product_id": "T033705-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:splunk:splunk:9.2.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.1.4",
                "product": {
                  "name": "Splunk Splunk Enterprise \u003c9.1.4",
                  "product_id": "T033718"
                }
              },
              {
                "category": "product_version",
                "name": "9.1.4",
                "product": {
                  "name": "Splunk Splunk Enterprise 9.1.4",
                  "product_id": "T033718-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:splunk:splunk:9.1.4"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.0.9",
                "product": {
                  "name": "Splunk Splunk Enterprise \u003c9.0.9",
                  "product_id": "T033720"
                }
              },
              {
                "category": "product_version",
                "name": "9.0.9",
                "product": {
                  "name": "Splunk Splunk Enterprise 9.0.9",
                  "product_id": "T033720-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:splunk:splunk:9.0.9"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Splunk Enterprise"
          }
        ],
        "category": "vendor",
        "name": "Splunk"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2013-7489",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2013-7489"
    },
    {
      "cve": "CVE-2018-10237",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2018-10237"
    },
    {
      "cve": "CVE-2018-20225",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2018-20225"
    },
    {
      "cve": "CVE-2019-20454",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2019-20454"
    },
    {
      "cve": "CVE-2019-20838",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2019-20838"
    },
    {
      "cve": "CVE-2020-14155",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2020-14155"
    },
    {
      "cve": "CVE-2020-28469",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2020-28469"
    },
    {
      "cve": "CVE-2020-28851",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2020-28851"
    },
    {
      "cve": "CVE-2020-29652",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2020-29652"
    },
    {
      "cve": "CVE-2020-8169",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2020-8169"
    },
    {
      "cve": "CVE-2020-8177",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2020-8177"
    },
    {
      "cve": "CVE-2020-8231",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2020-8231"
    },
    {
      "cve": "CVE-2020-8284",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2020-8284"
    },
    {
      "cve": "CVE-2020-8285",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2020-8285"
    },
    {
      "cve": "CVE-2020-8286",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2020-8286"
    },
    {
      "cve": "CVE-2020-8908",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2020-8908"
    },
    {
      "cve": "CVE-2021-20066",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-20066"
    },
    {
      "cve": "CVE-2021-22569",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-22569"
    },
    {
      "cve": "CVE-2021-22876",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-22876"
    },
    {
      "cve": "CVE-2021-22890",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-22890"
    },
    {
      "cve": "CVE-2021-22897",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-22897"
    },
    {
      "cve": "CVE-2021-22898",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-22898"
    },
    {
      "cve": "CVE-2021-22901",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-22901"
    },
    {
      "cve": "CVE-2021-22922",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-22922"
    },
    {
      "cve": "CVE-2021-22923",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-22923"
    },
    {
      "cve": "CVE-2021-22924",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-22924"
    },
    {
      "cve": "CVE-2021-22925",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-22925"
    },
    {
      "cve": "CVE-2021-22926",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-22926"
    },
    {
      "cve": "CVE-2021-22945",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-22945"
    },
    {
      "cve": "CVE-2021-22946",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-22946"
    },
    {
      "cve": "CVE-2021-22947",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-22947"
    },
    {
      "cve": "CVE-2021-23343",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-23343"
    },
    {
      "cve": "CVE-2021-23382",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-23382"
    },
    {
      "cve": "CVE-2021-27918",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-27918"
    },
    {
      "cve": "CVE-2021-27919",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-27919"
    },
    {
      "cve": "CVE-2021-29060",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-29060"
    },
    {
      "cve": "CVE-2021-29425",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-29425"
    },
    {
      "cve": "CVE-2021-29923",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-29923"
    },
    {
      "cve": "CVE-2021-31525",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-31525"
    },
    {
      "cve": "CVE-2021-31566",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-31566"
    },
    {
      "cve": "CVE-2021-33194",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-33194"
    },
    {
      "cve": "CVE-2021-33195",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-33195"
    },
    {
      "cve": "CVE-2021-33196",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-33196"
    },
    {
      "cve": "CVE-2021-33197",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-33197"
    },
    {
      "cve": "CVE-2021-33198",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-33198"
    },
    {
      "cve": "CVE-2021-34558",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-34558"
    },
    {
      "cve": "CVE-2021-3520",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-3520"
    },
    {
      "cve": "CVE-2021-3572",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-3572"
    },
    {
      "cve": "CVE-2021-36221",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-36221"
    },
    {
      "cve": "CVE-2021-36976",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-36976"
    },
    {
      "cve": "CVE-2021-3803",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-3803"
    },
    {
      "cve": "CVE-2021-38297",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-38297"
    },
    {
      "cve": "CVE-2021-38561",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-38561"
    },
    {
      "cve": "CVE-2021-39293",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-39293"
    },
    {
      "cve": "CVE-2021-41182",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-41182"
    },
    {
      "cve": "CVE-2021-41183",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-41183"
    },
    {
      "cve": "CVE-2021-41184",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-41184"
    },
    {
      "cve": "CVE-2021-41771",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-41771"
    },
    {
      "cve": "CVE-2021-41772",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-41772"
    },
    {
      "cve": "CVE-2021-43565",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-43565"
    },
    {
      "cve": "CVE-2021-44716",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-44716"
    },
    {
      "cve": "CVE-2021-44717",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-44717"
    },
    {
      "cve": "CVE-2022-1705",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-1705"
    },
    {
      "cve": "CVE-2022-1941",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-1941"
    },
    {
      "cve": "CVE-2022-1962",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-1962"
    },
    {
      "cve": "CVE-2022-22576",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-22576"
    },
    {
      "cve": "CVE-2022-2309",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-2309"
    },
    {
      "cve": "CVE-2022-23491",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-23491"
    },
    {
      "cve": "CVE-2022-23772",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-23772"
    },
    {
      "cve": "CVE-2022-23773",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-23773"
    },
    {
      "cve": "CVE-2022-23806",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-23806"
    },
    {
      "cve": "CVE-2022-24675",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-24675"
    },
    {
      "cve": "CVE-2022-24921",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-24921"
    },
    {
      "cve": "CVE-2022-24999",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-24999"
    },
    {
      "cve": "CVE-2022-25881",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-25881"
    },
    {
      "cve": "CVE-2022-27191",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-27191"
    },
    {
      "cve": "CVE-2022-27536",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-27536"
    },
    {
      "cve": "CVE-2022-27664",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-27664"
    },
    {
      "cve": "CVE-2022-27774",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-27774"
    },
    {
      "cve": "CVE-2022-27775",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-27775"
    },
    {
      "cve": "CVE-2022-27776",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-27776"
    },
    {
      "cve": "CVE-2022-27778",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-27778"
    },
    {
      "cve": "CVE-2022-27779",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-27779"
    },
    {
      "cve": "CVE-2022-27780",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-27780"
    },
    {
      "cve": "CVE-2022-27781",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-27781"
    },
    {
      "cve": "CVE-2022-27782",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-27782"
    },
    {
      "cve": "CVE-2022-28131",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-28131"
    },
    {
      "cve": "CVE-2022-28327",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-28327"
    },
    {
      "cve": "CVE-2022-2879",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-2879"
    },
    {
      "cve": "CVE-2022-2880",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-2880"
    },
    {
      "cve": "CVE-2022-29526",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-29526"
    },
    {
      "cve": "CVE-2022-29804",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-29804"
    },
    {
      "cve": "CVE-2022-30115",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-30115"
    },
    {
      "cve": "CVE-2022-30580",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-30580"
    },
    {
      "cve": "CVE-2022-30629",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-30629"
    },
    {
      "cve": "CVE-2022-30630",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-30630"
    },
    {
      "cve": "CVE-2022-30631",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-30631"
    },
    {
      "cve": "CVE-2022-30632",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-30632"
    },
    {
      "cve": "CVE-2022-30633",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-30633"
    },
    {
      "cve": "CVE-2022-30634",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-30634"
    },
    {
      "cve": "CVE-2022-30635",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-30635"
    },
    {
      "cve": "CVE-2022-31129",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-31129"
    },
    {
      "cve": "CVE-2022-3171",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-3171"
    },
    {
      "cve": "CVE-2022-32148",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-32148"
    },
    {
      "cve": "CVE-2022-32149",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-32149"
    },
    {
      "cve": "CVE-2022-32189",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-32189"
    },
    {
      "cve": "CVE-2022-32205",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-32205"
    },
    {
      "cve": "CVE-2022-32206",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-32206"
    },
    {
      "cve": "CVE-2022-32207",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-32207"
    },
    {
      "cve": "CVE-2022-32208",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-32208"
    },
    {
      "cve": "CVE-2022-32221",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-32221"
    },
    {
      "cve": "CVE-2022-33987",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-33987"
    },
    {
      "cve": "CVE-2022-3509",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-3509"
    },
    {
      "cve": "CVE-2022-3510",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-3510"
    },
    {
      "cve": "CVE-2022-3517",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-3517"
    },
    {
      "cve": "CVE-2022-35252",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-35252"
    },
    {
      "cve": "CVE-2022-35260",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-35260"
    },
    {
      "cve": "CVE-2022-35737",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-35737"
    },
    {
      "cve": "CVE-2022-36227",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-36227"
    },
    {
      "cve": "CVE-2022-37599",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-37599"
    },
    {
      "cve": "CVE-2022-37601",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-37601"
    },
    {
      "cve": "CVE-2022-37603",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-37603"
    },
    {
      "cve": "CVE-2022-38900",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-38900"
    },
    {
      "cve": "CVE-2022-40023",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-40023"
    },
    {
      "cve": "CVE-2022-40897",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-40897"
    },
    {
      "cve": "CVE-2022-40899",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-40899"
    },
    {
      "cve": "CVE-2022-41715",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-41715"
    },
    {
      "cve": "CVE-2022-41716",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-41716"
    },
    {
      "cve": "CVE-2022-41720",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-41720"
    },
    {
      "cve": "CVE-2022-41722",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-41722"
    },
    {
      "cve": "CVE-2022-42003",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-42003"
    },
    {
      "cve": "CVE-2022-42004",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-42004"
    },
    {
      "cve": "CVE-2022-42915",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-42915"
    },
    {
      "cve": "CVE-2022-42916",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-42916"
    },
    {
      "cve": "CVE-2022-43551",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-43551"
    },
    {
      "cve": "CVE-2022-43552",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-43552"
    },
    {
      "cve": "CVE-2022-46175",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-46175"
    },
    {
      "cve": "CVE-2023-23914",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-23914"
    },
    {
      "cve": "CVE-2023-23915",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-23915"
    },
    {
      "cve": "CVE-2023-23916",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-23916"
    },
    {
      "cve": "CVE-2023-24539",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-24539"
    },
    {
      "cve": "CVE-2023-24540",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-24540"
    },
    {
      "cve": "CVE-2023-27533",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-27533"
    },
    {
      "cve": "CVE-2023-27534",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-27534"
    },
    {
      "cve": "CVE-2023-27535",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-27535"
    },
    {
      "cve": "CVE-2023-27536",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-27536"
    },
    {
      "cve": "CVE-2023-27537",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-27537"
    },
    {
      "cve": "CVE-2023-27538",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-27538"
    },
    {
      "cve": "CVE-2023-29400",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-29400"
    },
    {
      "cve": "CVE-2023-29402",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-29402"
    },
    {
      "cve": "CVE-2023-29403",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-29403"
    },
    {
      "cve": "CVE-2023-29404",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-29404"
    },
    {
      "cve": "CVE-2023-29405",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-29405"
    },
    {
      "cve": "CVE-2023-40592",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-40592"
    },
    {
      "cve": "CVE-2023-40593",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-40593"
    },
    {
      "cve": "CVE-2023-40594",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-40594"
    },
    {
      "cve": "CVE-2023-40595",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-40595"
    },
    {
      "cve": "CVE-2023-40596",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-40596"
    },
    {
      "cve": "CVE-2023-40597",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-40597"
    },
    {
      "cve": "CVE-2023-40598",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-40598"
    }
  ]
}

WID-SEC-W-2024-0049

Vulnerability from csaf_certbund - Published: 2024-01-09 23:00 - Updated: 2025-11-18 23:00

Summary

Splunk Enterprise: Mehrere Schwachstellen

Severity

Hoch

Notes

Produktbeschreibung: Splunk Enterprise ermöglicht Monitoring und Analyse von Clickstream-Daten und Kundentransaktionen.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Splunk Enterprise ausnutzen, um beliebigen Programmcode auszuführen, einen Denial of Service Zustand herbeizuführen oder unbekannte Auswirkungen zu verursachen.

Betroffene Betriebssysteme: - Linux - UNIX

CVE-2015-5237

Affected products

Known affected 11 products

Product	Identifier	Version	Remediation
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Splunk Splunk Enterprise Security <7.2.0 Splunk / Splunk Enterprise		Security <7.2.0
Splunk Splunk Enterprise Security <7.3.0 Splunk / Splunk Enterprise		Security <7.3.0
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise UBA <5.3.0 Splunk / Splunk Enterprise		UBA <5.3.0
Splunk Splunk Enterprise Security <7.1.2 Splunk / Splunk Enterprise		Security <7.1.2
Splunk Splunk Enterprise UBA <5.2.1 Splunk / Splunk Enterprise		UBA <5.2.1
Atlassian Bitbucket <9.4.13 (LTS) Atlassian / Bitbucket		<9.4.13 (LTS)
Atlassian Bitbucket <8.19.25 (LTS) Atlassian / Bitbucket		<8.19.25 (LTS)
Atlassian Bitbucket <10.0.2 Atlassian / Bitbucket		<10.0.2

CVE-2021-23446

Affected products

Known affected 11 products

Product	Identifier	Version	Remediation
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Splunk Splunk Enterprise Security <7.2.0 Splunk / Splunk Enterprise		Security <7.2.0
Splunk Splunk Enterprise Security <7.3.0 Splunk / Splunk Enterprise		Security <7.3.0
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise UBA <5.3.0 Splunk / Splunk Enterprise		UBA <5.3.0
Splunk Splunk Enterprise Security <7.1.2 Splunk / Splunk Enterprise		Security <7.1.2
Splunk Splunk Enterprise UBA <5.2.1 Splunk / Splunk Enterprise		UBA <5.2.1
Atlassian Bitbucket <9.4.13 (LTS) Atlassian / Bitbucket		<9.4.13 (LTS)
Atlassian Bitbucket <8.19.25 (LTS) Atlassian / Bitbucket		<8.19.25 (LTS)
Atlassian Bitbucket <10.0.2 Atlassian / Bitbucket		<10.0.2

CVE-2022-25883

Affected products

Known affected 11 products

Product	Identifier	Version	Remediation
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Splunk Splunk Enterprise Security <7.2.0 Splunk / Splunk Enterprise		Security <7.2.0
Splunk Splunk Enterprise Security <7.3.0 Splunk / Splunk Enterprise		Security <7.3.0
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise UBA <5.3.0 Splunk / Splunk Enterprise		UBA <5.3.0
Splunk Splunk Enterprise Security <7.1.2 Splunk / Splunk Enterprise		Security <7.1.2
Splunk Splunk Enterprise UBA <5.2.1 Splunk / Splunk Enterprise		UBA <5.2.1
Atlassian Bitbucket <9.4.13 (LTS) Atlassian / Bitbucket		<9.4.13 (LTS)
Atlassian Bitbucket <8.19.25 (LTS) Atlassian / Bitbucket		<8.19.25 (LTS)
Atlassian Bitbucket <10.0.2 Atlassian / Bitbucket		<10.0.2

CVE-2022-3171

Affected products

Known affected 11 products

Product	Identifier	Version	Remediation
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Splunk Splunk Enterprise Security <7.2.0 Splunk / Splunk Enterprise		Security <7.2.0
Splunk Splunk Enterprise Security <7.3.0 Splunk / Splunk Enterprise		Security <7.3.0
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise UBA <5.3.0 Splunk / Splunk Enterprise		UBA <5.3.0
Splunk Splunk Enterprise Security <7.1.2 Splunk / Splunk Enterprise		Security <7.1.2
Splunk Splunk Enterprise UBA <5.2.1 Splunk / Splunk Enterprise		UBA <5.2.1
Atlassian Bitbucket <9.4.13 (LTS) Atlassian / Bitbucket		<9.4.13 (LTS)
Atlassian Bitbucket <8.19.25 (LTS) Atlassian / Bitbucket		<8.19.25 (LTS)
Atlassian Bitbucket <10.0.2 Atlassian / Bitbucket		<10.0.2

CVE-2022-3509

Affected products

Known affected 11 products

Product	Identifier	Version	Remediation
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Splunk Splunk Enterprise Security <7.2.0 Splunk / Splunk Enterprise		Security <7.2.0
Splunk Splunk Enterprise Security <7.3.0 Splunk / Splunk Enterprise		Security <7.3.0
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise UBA <5.3.0 Splunk / Splunk Enterprise		UBA <5.3.0
Splunk Splunk Enterprise Security <7.1.2 Splunk / Splunk Enterprise		Security <7.1.2
Splunk Splunk Enterprise UBA <5.2.1 Splunk / Splunk Enterprise		UBA <5.2.1
Atlassian Bitbucket <9.4.13 (LTS) Atlassian / Bitbucket		<9.4.13 (LTS)
Atlassian Bitbucket <8.19.25 (LTS) Atlassian / Bitbucket		<8.19.25 (LTS)
Atlassian Bitbucket <10.0.2 Atlassian / Bitbucket		<10.0.2

CVE-2022-3510

Affected products

Known affected 11 products

Product	Identifier	Version	Remediation
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Splunk Splunk Enterprise Security <7.2.0 Splunk / Splunk Enterprise		Security <7.2.0
Splunk Splunk Enterprise Security <7.3.0 Splunk / Splunk Enterprise		Security <7.3.0
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise UBA <5.3.0 Splunk / Splunk Enterprise		UBA <5.3.0
Splunk Splunk Enterprise Security <7.1.2 Splunk / Splunk Enterprise		Security <7.1.2
Splunk Splunk Enterprise UBA <5.2.1 Splunk / Splunk Enterprise		UBA <5.2.1
Atlassian Bitbucket <9.4.13 (LTS) Atlassian / Bitbucket		<9.4.13 (LTS)
Atlassian Bitbucket <8.19.25 (LTS) Atlassian / Bitbucket		<8.19.25 (LTS)
Atlassian Bitbucket <10.0.2 Atlassian / Bitbucket		<10.0.2

CVE-2022-37599

Affected products

Known affected 11 products

Product	Identifier	Version	Remediation
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Splunk Splunk Enterprise Security <7.2.0 Splunk / Splunk Enterprise		Security <7.2.0
Splunk Splunk Enterprise Security <7.3.0 Splunk / Splunk Enterprise		Security <7.3.0
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise UBA <5.3.0 Splunk / Splunk Enterprise		UBA <5.3.0
Splunk Splunk Enterprise Security <7.1.2 Splunk / Splunk Enterprise		Security <7.1.2
Splunk Splunk Enterprise UBA <5.2.1 Splunk / Splunk Enterprise		UBA <5.2.1
Atlassian Bitbucket <9.4.13 (LTS) Atlassian / Bitbucket		<9.4.13 (LTS)
Atlassian Bitbucket <8.19.25 (LTS) Atlassian / Bitbucket		<8.19.25 (LTS)
Atlassian Bitbucket <10.0.2 Atlassian / Bitbucket		<10.0.2

CVE-2022-37601

Affected products

Known affected 11 products

Product	Identifier	Version	Remediation
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Splunk Splunk Enterprise Security <7.2.0 Splunk / Splunk Enterprise		Security <7.2.0
Splunk Splunk Enterprise Security <7.3.0 Splunk / Splunk Enterprise		Security <7.3.0
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise UBA <5.3.0 Splunk / Splunk Enterprise		UBA <5.3.0
Splunk Splunk Enterprise Security <7.1.2 Splunk / Splunk Enterprise		Security <7.1.2
Splunk Splunk Enterprise UBA <5.2.1 Splunk / Splunk Enterprise		UBA <5.2.1
Atlassian Bitbucket <9.4.13 (LTS) Atlassian / Bitbucket		<9.4.13 (LTS)
Atlassian Bitbucket <8.19.25 (LTS) Atlassian / Bitbucket		<8.19.25 (LTS)
Atlassian Bitbucket <10.0.2 Atlassian / Bitbucket		<10.0.2

CVE-2022-37603

Affected products

Known affected 11 products

Product	Identifier	Version	Remediation
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Splunk Splunk Enterprise Security <7.2.0 Splunk / Splunk Enterprise		Security <7.2.0
Splunk Splunk Enterprise Security <7.3.0 Splunk / Splunk Enterprise		Security <7.3.0
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise UBA <5.3.0 Splunk / Splunk Enterprise		UBA <5.3.0
Splunk Splunk Enterprise Security <7.1.2 Splunk / Splunk Enterprise		Security <7.1.2
Splunk Splunk Enterprise UBA <5.2.1 Splunk / Splunk Enterprise		UBA <5.2.1
Atlassian Bitbucket <9.4.13 (LTS) Atlassian / Bitbucket		<9.4.13 (LTS)
Atlassian Bitbucket <8.19.25 (LTS) Atlassian / Bitbucket		<8.19.25 (LTS)
Atlassian Bitbucket <10.0.2 Atlassian / Bitbucket		<10.0.2

CVE-2022-46175

Affected products

Known affected 11 products

Product	Identifier	Version	Remediation
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Splunk Splunk Enterprise Security <7.2.0 Splunk / Splunk Enterprise		Security <7.2.0
Splunk Splunk Enterprise Security <7.3.0 Splunk / Splunk Enterprise		Security <7.3.0
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise UBA <5.3.0 Splunk / Splunk Enterprise		UBA <5.3.0
Splunk Splunk Enterprise Security <7.1.2 Splunk / Splunk Enterprise		Security <7.1.2
Splunk Splunk Enterprise UBA <5.2.1 Splunk / Splunk Enterprise		UBA <5.2.1
Atlassian Bitbucket <9.4.13 (LTS) Atlassian / Bitbucket		<9.4.13 (LTS)
Atlassian Bitbucket <8.19.25 (LTS) Atlassian / Bitbucket		<8.19.25 (LTS)
Atlassian Bitbucket <10.0.2 Atlassian / Bitbucket		<10.0.2

CVE-2023-2976

Affected products

Known affected 11 products

Product	Identifier	Version	Remediation
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Splunk Splunk Enterprise Security <7.2.0 Splunk / Splunk Enterprise		Security <7.2.0
Splunk Splunk Enterprise Security <7.3.0 Splunk / Splunk Enterprise		Security <7.3.0
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise UBA <5.3.0 Splunk / Splunk Enterprise		UBA <5.3.0
Splunk Splunk Enterprise Security <7.1.2 Splunk / Splunk Enterprise		Security <7.1.2
Splunk Splunk Enterprise UBA <5.2.1 Splunk / Splunk Enterprise		UBA <5.2.1
Atlassian Bitbucket <9.4.13 (LTS) Atlassian / Bitbucket		<9.4.13 (LTS)
Atlassian Bitbucket <8.19.25 (LTS) Atlassian / Bitbucket		<8.19.25 (LTS)
Atlassian Bitbucket <10.0.2 Atlassian / Bitbucket		<10.0.2

CVE-2023-32695

Affected products

Known affected 11 products

Product	Identifier	Version	Remediation
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Splunk Splunk Enterprise Security <7.2.0 Splunk / Splunk Enterprise		Security <7.2.0
Splunk Splunk Enterprise Security <7.3.0 Splunk / Splunk Enterprise		Security <7.3.0
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise UBA <5.3.0 Splunk / Splunk Enterprise		UBA <5.3.0
Splunk Splunk Enterprise Security <7.1.2 Splunk / Splunk Enterprise		Security <7.1.2
Splunk Splunk Enterprise UBA <5.2.1 Splunk / Splunk Enterprise		UBA <5.2.1
Atlassian Bitbucket <9.4.13 (LTS) Atlassian / Bitbucket		<9.4.13 (LTS)
Atlassian Bitbucket <8.19.25 (LTS) Atlassian / Bitbucket		<8.19.25 (LTS)
Atlassian Bitbucket <10.0.2 Atlassian / Bitbucket		<10.0.2

CVE-2023-45133

Affected products

Known affected 11 products

Product	Identifier	Version	Remediation
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Splunk Splunk Enterprise Security <7.2.0 Splunk / Splunk Enterprise		Security <7.2.0
Splunk Splunk Enterprise Security <7.3.0 Splunk / Splunk Enterprise		Security <7.3.0
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise UBA <5.3.0 Splunk / Splunk Enterprise		UBA <5.3.0
Splunk Splunk Enterprise Security <7.1.2 Splunk / Splunk Enterprise		Security <7.1.2
Splunk Splunk Enterprise UBA <5.2.1 Splunk / Splunk Enterprise		UBA <5.2.1
Atlassian Bitbucket <9.4.13 (LTS) Atlassian / Bitbucket		<9.4.13 (LTS)
Atlassian Bitbucket <8.19.25 (LTS) Atlassian / Bitbucket		<8.19.25 (LTS)
Atlassian Bitbucket <10.0.2 Atlassian / Bitbucket		<10.0.2

CVE-2024-22164

Affected products

Known affected 9 products

Product	Identifier	Version	Remediation
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Splunk Splunk Enterprise Security <7.2.0 Splunk / Splunk Enterprise		Security <7.2.0
Splunk Splunk Enterprise Security <7.3.0 Splunk / Splunk Enterprise		Security <7.3.0
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise Security <7.1.2 Splunk / Splunk Enterprise		Security <7.1.2
Atlassian Bitbucket <9.4.13 (LTS) Atlassian / Bitbucket		<9.4.13 (LTS)
Atlassian Bitbucket <8.19.25 (LTS) Atlassian / Bitbucket		<8.19.25 (LTS)
Atlassian Bitbucket <10.0.2 Atlassian / Bitbucket		<10.0.2

CVE-2024-22165

Affected products

Known affected 9 products

Product	Identifier	Version	Remediation
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Splunk Splunk Enterprise Security <7.2.0 Splunk / Splunk Enterprise		Security <7.2.0
Splunk Splunk Enterprise Security <7.3.0 Splunk / Splunk Enterprise		Security <7.3.0
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise Security <7.1.2 Splunk / Splunk Enterprise		Security <7.1.2
Atlassian Bitbucket <9.4.13 (LTS) Atlassian / Bitbucket		<9.4.13 (LTS)
Atlassian Bitbucket <8.19.25 (LTS) Atlassian / Bitbucket		<8.19.25 (LTS)
Atlassian Bitbucket <10.0.2 Atlassian / Bitbucket		<10.0.2

References

9 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://advisory.splunk.com//advisories/SVD-2024-0101	external
https://advisory.splunk.com//advisories/SVD-2024-0102	external
https://advisory.splunk.com//advisories/SVD-2024-0103	external
https://advisory.splunk.com//advisories/SVD-2024-0104	external
https://advisory.splunk.com//advisories/SVD-2024-0112	external
https://advisory.splunk.com/advisories/SVD-2024-0718	external
https://confluence.atlassian.com/security/securit…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Splunk Enterprise erm\u00f6glicht Monitoring und Analyse von Clickstream-Daten und Kundentransaktionen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Splunk Enterprise ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder unbekannte Auswirkungen zu verursachen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0049 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0049.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0049 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0049"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory SVD-2024-0101 vom 2024-01-09",
        "url": "https://advisory.splunk.com//advisories/SVD-2024-0101"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory SVD-2024-0102 vom 2024-01-09",
        "url": "https://advisory.splunk.com//advisories/SVD-2024-0102"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory SVD-2024-0103 vom 2024-01-09",
        "url": "https://advisory.splunk.com//advisories/SVD-2024-0103"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory SVD-2024-0104 vom 2024-01-09",
        "url": "https://advisory.splunk.com//advisories/SVD-2024-0104"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory SVD-2024-0112 vom 2024-01-30",
        "url": "https://advisory.splunk.com//advisories/SVD-2024-0112"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory SVD-2024-0718 vom 2024-07-02",
        "url": "https://advisory.splunk.com/advisories/SVD-2024-0718"
      },
      {
        "category": "external",
        "summary": "Atlassian Security Bulletin - November 18 2025",
        "url": "https://confluence.atlassian.com/security/security-bulletin-november-18-2025-1671463469.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Splunk Enterprise: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-11-18T23:00:00.000+00:00",
      "generator": {
        "date": "2025-11-19T09:42:42.231+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2024-0049",
      "initial_release_date": "2024-01-09T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-01-09T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-01-30T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Splunk-SVD aufgenommen"
        },
        {
          "date": "2024-07-01T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Splunk-SVD aufgenommen"
        },
        {
          "date": "2025-11-18T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates aufgenommen"
        }
      ],
      "status": "final",
      "version": "4"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c10.0.2",
                "product": {
                  "name": "Atlassian Bitbucket \u003c10.0.2",
                  "product_id": "T048675"
                }
              },
              {
                "category": "product_version",
                "name": "10.0.2",
                "product": {
                  "name": "Atlassian Bitbucket 10.0.2",
                  "product_id": "T048675-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bitbucket:10.0.2"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c8.19.25 (LTS)",
                "product": {
                  "name": "Atlassian Bitbucket \u003c8.19.25 (LTS)",
                  "product_id": "T048676"
                }
              },
              {
                "category": "product_version",
                "name": "8.19.25 (LTS)",
                "product": {
                  "name": "Atlassian Bitbucket 8.19.25 (LTS)",
                  "product_id": "T048676-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bitbucket:8.19.25_%28lts%29"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.4.13 (LTS)",
                "product": {
                  "name": "Atlassian Bitbucket \u003c9.4.13 (LTS)",
                  "product_id": "T048677"
                }
              },
              {
                "category": "product_version",
                "name": "9.4.13 (LTS)",
                "product": {
                  "name": "Atlassian Bitbucket 9.4.13 (LTS)",
                  "product_id": "T048677-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bitbucket:9.4.13_%28lts%29"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Bitbucket"
          }
        ],
        "category": "vendor",
        "name": "Atlassian"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Security \u003c7.3.0",
                "product": {
                  "name": "Splunk Splunk Enterprise Security \u003c7.3.0",
                  "product_id": "T031923"
                }
              },
              {
                "category": "product_version",
                "name": "Security 7.3.0",
                "product": {
                  "name": "Splunk Splunk Enterprise Security 7.3.0",
                  "product_id": "T031923-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:splunk:splunk:security__7.3.0"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Security \u003c7.2.0",
                "product": {
                  "name": "Splunk Splunk Enterprise Security \u003c7.2.0",
                  "product_id": "T031924"
                }
              },
              {
                "category": "product_version",
                "name": "Security 7.2.0",
                "product": {
                  "name": "Splunk Splunk Enterprise Security 7.2.0",
                  "product_id": "T031924-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:splunk:splunk:security__7.2.0"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Security \u003c7.1.2",
                "product": {
                  "name": "Splunk Splunk Enterprise Security \u003c7.1.2",
                  "product_id": "T031925"
                }
              },
              {
                "category": "product_version",
                "name": "Security 7.1.2",
                "product": {
                  "name": "Splunk Splunk Enterprise Security 7.1.2",
                  "product_id": "T031925-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:splunk:splunk:security__7.1.2"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "UBA \u003c5.3.0",
                "product": {
                  "name": "Splunk Splunk Enterprise UBA \u003c5.3.0",
                  "product_id": "T031926"
                }
              },
              {
                "category": "product_version",
                "name": "UBA 5.3.0",
                "product": {
                  "name": "Splunk Splunk Enterprise UBA 5.3.0",
                  "product_id": "T031926-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:splunk:splunk:uba__5.3.0"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "UBA \u003c5.2.1",
                "product": {
                  "name": "Splunk Splunk Enterprise UBA \u003c5.2.1",
                  "product_id": "T031927"
                }
              },
              {
                "category": "product_version",
                "name": "UBA 5.2.1",
                "product": {
                  "name": "Splunk Splunk Enterprise UBA 5.2.1",
                  "product_id": "T031927-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:splunk:splunk:uba__5.2.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.2.1",
                "product": {
                  "name": "Splunk Splunk Enterprise \u003c9.2.1",
                  "product_id": "T033705"
                }
              },
              {
                "category": "product_version",
                "name": "9.2.1",
                "product": {
                  "name": "Splunk Splunk Enterprise 9.2.1",
                  "product_id": "T033705-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:splunk:splunk:9.2.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.1.4",
                "product": {
                  "name": "Splunk Splunk Enterprise \u003c9.1.4",
                  "product_id": "T033718"
                }
              },
              {
                "category": "product_version",
                "name": "9.1.4",
                "product": {
                  "name": "Splunk Splunk Enterprise 9.1.4",
                  "product_id": "T033718-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:splunk:splunk:9.1.4"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.0.9",
                "product": {
                  "name": "Splunk Splunk Enterprise \u003c9.0.9",
                  "product_id": "T033720"
                }
              },
              {
                "category": "product_version",
                "name": "9.0.9",
                "product": {
                  "name": "Splunk Splunk Enterprise 9.0.9",
                  "product_id": "T033720-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:splunk:splunk:9.0.9"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Splunk Enterprise"
          }
        ],
        "category": "vendor",
        "name": "Splunk"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2015-5237",
      "product_status": {
        "known_affected": [
          "T033720",
          "T033718",
          "T031924",
          "T031923",
          "T033705",
          "T031926",
          "T031925",
          "T031927",
          "T048677",
          "T048676",
          "T048675"
        ]
      },
      "release_date": "2024-01-09T23:00:00.000+00:00",
      "title": "CVE-2015-5237"
    },
    {
      "cve": "CVE-2021-23446",
      "product_status": {
        "known_affected": [
          "T033720",
          "T033718",
          "T031924",
          "T031923",
          "T033705",
          "T031926",
          "T031925",
          "T031927",
          "T048677",
          "T048676",
          "T048675"
        ]
      },
      "release_date": "2024-01-09T23:00:00.000+00:00",
      "title": "CVE-2021-23446"
    },
    {
      "cve": "CVE-2022-25883",
      "product_status": {
        "known_affected": [
          "T033720",
          "T033718",
          "T031924",
          "T031923",
          "T033705",
          "T031926",
          "T031925",
          "T031927",
          "T048677",
          "T048676",
          "T048675"
        ]
      },
      "release_date": "2024-01-09T23:00:00.000+00:00",
      "title": "CVE-2022-25883"
    },
    {
      "cve": "CVE-2022-3171",
      "product_status": {
        "known_affected": [
          "T033720",
          "T033718",
          "T031924",
          "T031923",
          "T033705",
          "T031926",
          "T031925",
          "T031927",
          "T048677",
          "T048676",
          "T048675"
        ]
      },
      "release_date": "2024-01-09T23:00:00.000+00:00",
      "title": "CVE-2022-3171"
    },
    {
      "cve": "CVE-2022-3509",
      "product_status": {
        "known_affected": [
          "T033720",
          "T033718",
          "T031924",
          "T031923",
          "T033705",
          "T031926",
          "T031925",
          "T031927",
          "T048677",
          "T048676",
          "T048675"
        ]
      },
      "release_date": "2024-01-09T23:00:00.000+00:00",
      "title": "CVE-2022-3509"
    },
    {
      "cve": "CVE-2022-3510",
      "product_status": {
        "known_affected": [
          "T033720",
          "T033718",
          "T031924",
          "T031923",
          "T033705",
          "T031926",
          "T031925",
          "T031927",
          "T048677",
          "T048676",
          "T048675"
        ]
      },
      "release_date": "2024-01-09T23:00:00.000+00:00",
      "title": "CVE-2022-3510"
    },
    {
      "cve": "CVE-2022-37599",
      "product_status": {
        "known_affected": [
          "T033720",
          "T033718",
          "T031924",
          "T031923",
          "T033705",
          "T031926",
          "T031925",
          "T031927",
          "T048677",
          "T048676",
          "T048675"
        ]
      },
      "release_date": "2024-01-09T23:00:00.000+00:00",
      "title": "CVE-2022-37599"
    },
    {
      "cve": "CVE-2022-37601",
      "product_status": {
        "known_affected": [
          "T033720",
          "T033718",
          "T031924",
          "T031923",
          "T033705",
          "T031926",
          "T031925",
          "T031927",
          "T048677",
          "T048676",
          "T048675"
        ]
      },
      "release_date": "2024-01-09T23:00:00.000+00:00",
      "title": "CVE-2022-37601"
    },
    {
      "cve": "CVE-2022-37603",
      "product_status": {
        "known_affected": [
          "T033720",
          "T033718",
          "T031924",
          "T031923",
          "T033705",
          "T031926",
          "T031925",
          "T031927",
          "T048677",
          "T048676",
          "T048675"
        ]
      },
      "release_date": "2024-01-09T23:00:00.000+00:00",
      "title": "CVE-2022-37603"
    },
    {
      "cve": "CVE-2022-46175",
      "product_status": {
        "known_affected": [
          "T033720",
          "T033718",
          "T031924",
          "T031923",
          "T033705",
          "T031926",
          "T031925",
          "T031927",
          "T048677",
          "T048676",
          "T048675"
        ]
      },
      "release_date": "2024-01-09T23:00:00.000+00:00",
      "title": "CVE-2022-46175"
    },
    {
      "cve": "CVE-2023-2976",
      "product_status": {
        "known_affected": [
          "T033720",
          "T033718",
          "T031924",
          "T031923",
          "T033705",
          "T031926",
          "T031925",
          "T031927",
          "T048677",
          "T048676",
          "T048675"
        ]
      },
      "release_date": "2024-01-09T23:00:00.000+00:00",
      "title": "CVE-2023-2976"
    },
    {
      "cve": "CVE-2023-32695",
      "product_status": {
        "known_affected": [
          "T033720",
          "T033718",
          "T031924",
          "T031923",
          "T033705",
          "T031926",
          "T031925",
          "T031927",
          "T048677",
          "T048676",
          "T048675"
        ]
      },
      "release_date": "2024-01-09T23:00:00.000+00:00",
      "title": "CVE-2023-32695"
    },
    {
      "cve": "CVE-2023-45133",
      "product_status": {
        "known_affected": [
          "T033720",
          "T033718",
          "T031924",
          "T031923",
          "T033705",
          "T031926",
          "T031925",
          "T031927",
          "T048677",
          "T048676",
          "T048675"
        ]
      },
      "release_date": "2024-01-09T23:00:00.000+00:00",
      "title": "CVE-2023-45133"
    },
    {
      "cve": "CVE-2024-22164",
      "product_status": {
        "known_affected": [
          "T033720",
          "T033718",
          "T031924",
          "T031923",
          "T033705",
          "T031925",
          "T048677",
          "T048676",
          "T048675"
        ]
      },
      "release_date": "2024-01-09T23:00:00.000+00:00",
      "title": "CVE-2024-22164"
    },
    {
      "cve": "CVE-2024-22165",
      "product_status": {
        "known_affected": [
          "T033720",
          "T033718",
          "T031924",
          "T031923",
          "T033705",
          "T031925",
          "T048677",
          "T048676",
          "T048675"
        ]
      },
      "release_date": "2024-01-09T23:00:00.000+00:00",
      "title": "CVE-2024-22165"
    }
  ]
}

WID-SEC-W-2024-0528

Vulnerability from csaf_certbund - Published: 2024-02-29 23:00 - Updated: 2024-02-29 23:00

Summary

Dell Data Protection Advisor: Mehrere Schwachstellen

Severity

Hoch

Notes

Produktbeschreibung: Data Protection Advisor ist eine Monitoring Lösung. Der Collector ist der lokale Agent.

Angriff: Ein Angreifer kann mehrere Schwachstellen in Dell Data Protection Advisor ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand herbeizuführen, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Berechtigungen zu erweitern oder einen nicht spezifizierten Angriff durchzuführen.

Betroffene Betriebssysteme: - Windows

CVE-2023-45648

Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand herbeizuführen, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuführen.

CVE-2023-42795

CVE-2023-41080

CVE-2023-34055

CVE-2023-28708

CVE-2023-28154

CVE-2023-22081

CVE-2023-22067

CVE-2023-22025

CVE-2023-20883

CVE-2023-20873

CVE-2023-20863

CVE-2023-20861

CVE-2022-46175

CVE-2022-41854

CVE-2022-38752

CVE-2022-38751

CVE-2022-38750

CVE-2022-38749

CVE-2022-37603

CVE-2022-37601

CVE-2022-37599

CVE-2022-31129

CVE-2022-27772

CVE-2022-25881

CVE-2022-25858

CVE-2022-22971

CVE-2022-22970

CVE-2022-22968

CVE-2022-22965

CVE-2022-22950

CVE-2021-43980

CVE-2021-33037

CVE-2021-30640

CVE-2020-5421

CVE-2020-1938

CVE-2020-1935

CVE-2020-13943

CVE-2020-13935

CVE-2020-13934

CVE-2020-11996

CVE-2019-2684

CVE-2019-17563

CVE-2019-12418

CVE-2019-10072

CVE-2019-0232

CVE-2019-0221

CVE-2019-0199

CVE-2018-8037

CVE-2018-8034

CVE-2018-8014

CVE-2018-15756

CVE-2018-1336

CVE-2018-1305

CVE-2018-1304

CVE-2018-1275

CVE-2018-1272

CVE-2018-1271

CVE-2018-1270

CVE-2018-1257

CVE-2018-1199

CVE-2018-1196

CVE-2018-11784

CVE-2018-11040

CVE-2018-11039

CVE-2017-8046

CVE-2017-7675

CVE-2017-7674

CVE-2017-5664

CVE-2017-5651

CVE-2017-5650

CVE-2017-5648

CVE-2017-5647

CVE-2017-18640

CVE-2017-12617

CVE-2016-9878

CVE-2016-8745

CVE-2016-8735

CVE-2016-6817

CVE-2016-6816

References

3 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.dell.com/support/kbdoc/000222618/dsa-2024-=	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Data Protection Advisor ist eine Monitoring L\u00f6sung. Der Collector ist der lokale Agent.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Dell Data Protection Advisor ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Berechtigungen zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0528 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0528.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0528 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0528"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2024-107 vom 2024-02-29",
        "url": "https://www.dell.com/support/kbdoc/000222618/dsa-2024-="
      }
    ],
    "source_lang": "en-US",
    "title": "Dell Data Protection Advisor: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-02-29T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:05:58.480+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2024-0528",
      "initial_release_date": "2024-02-29T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-02-29T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 19.10",
                "product": {
                  "name": "Dell Data Protection Advisor \u003c 19.10",
                  "product_id": "T033198"
                }
              }
            ],
            "category": "product_name",
            "name": "Data Protection Advisor"
          }
        ],
        "category": "vendor",
        "name": "Dell"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-45648",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2023-45648"
    },
    {
      "cve": "CVE-2023-42795",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2023-42795"
    },
    {
      "cve": "CVE-2023-41080",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2023-41080"
    },
    {
      "cve": "CVE-2023-34055",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2023-34055"
    },
    {
      "cve": "CVE-2023-28708",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2023-28708"
    },
    {
      "cve": "CVE-2023-28154",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2023-28154"
    },
    {
      "cve": "CVE-2023-22081",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2023-22081"
    },
    {
      "cve": "CVE-2023-22067",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2023-22067"
    },
    {
      "cve": "CVE-2023-22025",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2023-22025"
    },
    {
      "cve": "CVE-2023-20883",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2023-20883"
    },
    {
      "cve": "CVE-2023-20873",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2023-20873"
    },
    {
      "cve": "CVE-2023-20863",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2023-20863"
    },
    {
      "cve": "CVE-2023-20861",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2023-20861"
    },
    {
      "cve": "CVE-2022-46175",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2022-46175"
    },
    {
      "cve": "CVE-2022-41854",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2022-41854"
    },
    {
      "cve": "CVE-2022-38752",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2022-38752"
    },
    {
      "cve": "CVE-2022-38751",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2022-38751"
    },
    {
      "cve": "CVE-2022-38750",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2022-38750"
    },
    {
      "cve": "CVE-2022-38749",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2022-38749"
    },
    {
      "cve": "CVE-2022-37603",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2022-37603"
    },
    {
      "cve": "CVE-2022-37601",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2022-37601"
    },
    {
      "cve": "CVE-2022-37599",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2022-37599"
    },
    {
      "cve": "CVE-2022-31129",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2022-31129"
    },
    {
      "cve": "CVE-2022-27772",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2022-27772"
    },
    {
      "cve": "CVE-2022-25881",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2022-25881"
    },
    {
      "cve": "CVE-2022-25858",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2022-25858"
    },
    {
      "cve": "CVE-2022-22971",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2022-22971"
    },
    {
      "cve": "CVE-2022-22970",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2022-22970"
    },
    {
      "cve": "CVE-2022-22968",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2022-22968"
    },
    {
      "cve": "CVE-2022-22965",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2022-22965"
    },
    {
      "cve": "CVE-2022-22950",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2022-22950"
    },
    {
      "cve": "CVE-2021-43980",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2021-43980"
    },
    {
      "cve": "CVE-2021-33037",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2021-33037"
    },
    {
      "cve": "CVE-2021-30640",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2021-30640"
    },
    {
      "cve": "CVE-2020-5421",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2020-5421"
    },
    {
      "cve": "CVE-2020-1938",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2020-1938"
    },
    {
      "cve": "CVE-2020-1935",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2020-1935"
    },
    {
      "cve": "CVE-2020-13943",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2020-13943"
    },
    {
      "cve": "CVE-2020-13935",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2020-13935"
    },
    {
      "cve": "CVE-2020-13934",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2020-13934"
    },
    {
      "cve": "CVE-2020-11996",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2020-11996"
    },
    {
      "cve": "CVE-2019-2684",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2019-2684"
    },
    {
      "cve": "CVE-2019-17563",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2019-17563"
    },
    {
      "cve": "CVE-2019-12418",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2019-12418"
    },
    {
      "cve": "CVE-2019-10072",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2019-10072"
    },
    {
      "cve": "CVE-2019-0232",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2019-0232"
    },
    {
      "cve": "CVE-2019-0221",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2019-0221"
    },
    {
      "cve": "CVE-2019-0199",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2019-0199"
    },
    {
      "cve": "CVE-2018-8037",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2018-8037"
    },
    {
      "cve": "CVE-2018-8034",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2018-8034"
    },
    {
      "cve": "CVE-2018-8014",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2018-8014"
    },
    {
      "cve": "CVE-2018-15756",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2018-15756"
    },
    {
      "cve": "CVE-2018-1336",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2018-1336"
    },
    {
      "cve": "CVE-2018-1305",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2018-1305"
    },
    {
      "cve": "CVE-2018-1304",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2018-1304"
    },
    {
      "cve": "CVE-2018-1275",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2018-1275"
    },
    {
      "cve": "CVE-2018-1272",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2018-1272"
    },
    {
      "cve": "CVE-2018-1271",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2018-1271"
    },
    {
      "cve": "CVE-2018-1270",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2018-1270"
    },
    {
      "cve": "CVE-2018-1257",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2018-1257"
    },
    {
      "cve": "CVE-2018-1199",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2018-1199"
    },
    {
      "cve": "CVE-2018-1196",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2018-1196"
    },
    {
      "cve": "CVE-2018-11784",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2018-11784"
    },
    {
      "cve": "CVE-2018-11040",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2018-11040"
    },
    {
      "cve": "CVE-2018-11039",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2018-11039"
    },
    {
      "cve": "CVE-2017-8046",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2017-8046"
    },
    {
      "cve": "CVE-2017-7675",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2017-7675"
    },
    {
      "cve": "CVE-2017-7674",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2017-7674"
    },
    {
      "cve": "CVE-2017-5664",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2017-5664"
    },
    {
      "cve": "CVE-2017-5651",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2017-5651"
    },
    {
      "cve": "CVE-2017-5650",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2017-5650"
    },
    {
      "cve": "CVE-2017-5648",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2017-5648"
    },
    {
      "cve": "CVE-2017-5647",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2017-5647"
    },
    {
      "cve": "CVE-2017-18640",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2017-18640"
    },
    {
      "cve": "CVE-2017-12617",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2017-12617"
    },
    {
      "cve": "CVE-2016-9878",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2016-9878"
    },
    {
      "cve": "CVE-2016-8745",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2016-8745"
    },
    {
      "cve": "CVE-2016-8735",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2016-8735"
    },
    {
      "cve": "CVE-2016-6817",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2016-6817"
    },
    {
      "cve": "CVE-2016-6816",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2016-6816"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-37603 (GCVE-0-2022-37603)

Tags

Sightings

Nomenclature