Vulnerability-Lookup

CVE-2022-41704 (GCVE-0-2022-41704)

Vulnerability from cvelistv5 – Published: 2022-10-25 00:00 – Updated: 2026-02-25 16:56

Title

Apache Batik prior to 1.16 allows RCE when loading untrusted SVG input

Summary

A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

A jar file can be loaded from svg script element

Assigner

apache

References

5 references

URL	Tags
https://lists.apache.org/thread/hplhx0o74jb7blj39…
http://www.openwall.com/lists/oss-security/2022/10/25/2	mailing-list
https://lists.debian.org/debian-lts-announce/2022…	mailing-list
https://www.debian.org/security/2022/dsa-5264	vendor-advisory
https://security.gentoo.org/glsa/202401-11	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Apache Software Foundation	Apache XML Graphics	Affected: Batik , ≤ 1.15 (custom)

Credits

This issue was independently reported by 4ra1n of Chaitin Tech and pwnull

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:49:44.004Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread/hplhx0o74jb7blj39fm4kw3otcnjd6xf"
          },
          {
            "name": "[oss-security] 20221025 [CVE-2022-41704] Apache Batik information disclosure vulnerability",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/10/25/2"
          },
          {
            "name": "[debian-lts-announce] 20221029 [SECURITY] [DLA 3169-1] batik security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00038.html"
          },
          {
            "name": "DSA-5264",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5264"
          },
          {
            "name": "GLSA-202401-11",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202401-11"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-41704",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-25T16:56:13.395463Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-918",
                "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-25T16:56:27.451Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache XML Graphics",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "1.15",
              "status": "affected",
              "version": "Batik",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was independently reported by 4ra1n of Chaitin Tech and pwnull"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "A jar file can be loaded from svg script element",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-07T11:06:25.134Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "url": "https://lists.apache.org/thread/hplhx0o74jb7blj39fm4kw3otcnjd6xf"
        },
        {
          "name": "[oss-security] 20221025 [CVE-2022-41704] Apache Batik information disclosure vulnerability",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/10/25/2"
        },
        {
          "name": "[debian-lts-announce] 20221029 [SECURITY] [DLA 3169-1] batik security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00038.html"
        },
        {
          "name": "DSA-5264",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5264"
        },
        {
          "name": "GLSA-202401-11",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202401-11"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Apache Batik prior to 1.16 allows RCE when loading untrusted SVG input",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2022-41704",
    "datePublished": "2022-10-25T00:00:00.000Z",
    "dateReserved": "2022-09-28T00:00:00.000Z",
    "dateUpdated": "2026-02-25T16:56:27.451Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2022-41704",
      "date": "2026-05-30",
      "epss": "0.00526",
      "percentile": "0.67319"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-41704\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2022-10-25T17:15:57.527\",\"lastModified\":\"2026-02-25T18:16:54.253\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en Batik de Apache XML Graphics permite a un atacante ejecutar c\u00f3digo Java no confiable desde un SVG. Este problema afecta a Apache XML Graphics versiones anteriores a 1.16. Es recomendado actualizar a versi\u00f3n 1.16\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-918\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-918\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:batik:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0\",\"versionEndExcluding\":\"1.16\",\"matchCriteriaId\":\"7B523AA6-B97C-45DD-9BFD-BDFC34C1AD1C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2022/10/25/2\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread/hplhx0o74jb7blj39fm4kw3otcnjd6xf\",\"source\":\"security@apache.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/10/msg00038.html\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202401-11\",\"source\":\"security@apache.org\"},{\"url\":\"https://www.debian.org/security/2022/dsa-5264\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/10/25/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread/hplhx0o74jb7blj39fm4kw3otcnjd6xf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/10/msg00038.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202401-11\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2022/dsa-5264\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

SUSE-SU-2024:0777-1

Vulnerability from csaf_suse - Published: 2024-03-06 11:54 - Updated: 2024-03-06 11:54

Summary

Security update for xmlgraphics-batik

Severity

Important

Notes

Title of the patch: Security update for xmlgraphics-batik

Description of the patch: This update for xmlgraphics-batik fixes the following issues: - CVE-2017-5662: Fixed Apache Batik information disclosure vulnerability (bsc#1034675). - CVE-2019-17566: Fixed SSRF vulnerability (bsc#1172961). - CVE-2020-11987: Fixed Apache XML Graphics Batik SSRF vulnerability (bsc#1182748). - CVE-2022-38398: Fixed information disclosure vulnerability (bsc#1203674). - CVE-2022-38648: Fixed information disclosure vulnerability (bsc#1203673). - CVE-2022-40146: Fixed information disclosure vulnerability (bsc#1203672). - CVE-2022-41704: Fixed information disclosure vulnerability in Apache Batik (bsc#1204704). - CVE-2022-42890: Fixed information disclosure vulnerability in Apache Batik (bsc#1204709). - CVE-2022-44729: Fixed Server-Side Request Forgery. - CVE-2022-44730: Fixed Server-Side Request Forgery. Upgrade to version 1.17.

Patchnames: SUSE-2024-777,SUSE-SLE-SDK-12-SP5-2024-777

CVE-2017-5662

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 1 product

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch		—	Vendor Fix

Threats

Impact important

CVE-2019-17566

5.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Affected products

Recommended 1 product

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch		—	Vendor Fix

Threats

Impact moderate

CVE-2020-11987

5.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Affected products

Recommended 1 product

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch		—	Vendor Fix

Threats

Impact moderate

CVE-2022-38398

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected products

Recommended 1 product

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch		—	Vendor Fix

Threats

Impact moderate

CVE-2022-38648

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected products

Recommended 1 product

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch		—	Vendor Fix

Threats

Impact moderate

CVE-2022-40146

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected products

Recommended 1 product

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch		—	Vendor Fix

Threats

Impact moderate

CVE-2022-41704

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected products

Recommended 1 product

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch		—	Vendor Fix

Threats

Impact moderate

CVE-2022-42890

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected products

Recommended 1 product

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch		—	Vendor Fix

Threats

Impact moderate

CVE-2022-44729

7.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Affected products

Recommended 1 product

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch		—	Vendor Fix

Threats

Impact important

CVE-2022-44730

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Affected products

Recommended 1 product

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch		—	Vendor Fix

Threats

Impact moderate

References

40 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1034675	self
https://bugzilla.suse.com/1172961	self
https://bugzilla.suse.com/1182748	self
https://bugzilla.suse.com/1203672	self
https://bugzilla.suse.com/1203673	self
https://bugzilla.suse.com/1203674	self
https://bugzilla.suse.com/1204704	self
https://bugzilla.suse.com/1204709	self
https://www.suse.com/security/cve/CVE-2017-5662/	self
https://www.suse.com/security/cve/CVE-2019-17566/	self
https://www.suse.com/security/cve/CVE-2020-11987/	self
https://www.suse.com/security/cve/CVE-2022-38398/	self
https://www.suse.com/security/cve/CVE-2022-38648/	self
https://www.suse.com/security/cve/CVE-2022-40146/	self
https://www.suse.com/security/cve/CVE-2022-41704/	self
https://www.suse.com/security/cve/CVE-2022-42890/	self
https://www.suse.com/security/cve/CVE-2022-44729/	self
https://www.suse.com/security/cve/CVE-2022-44730/	self
https://www.suse.com/security/cve/CVE-2017-5662	external
https://bugzilla.suse.com/1034675	external
https://www.suse.com/security/cve/CVE-2019-17566	external
https://bugzilla.suse.com/1172961	external
https://www.suse.com/security/cve/CVE-2020-11987	external
https://bugzilla.suse.com/1182748	external
https://www.suse.com/security/cve/CVE-2022-38398	external
https://bugzilla.suse.com/1203674	external
https://www.suse.com/security/cve/CVE-2022-38648	external
https://bugzilla.suse.com/1203673	external
https://www.suse.com/security/cve/CVE-2022-40146	external
https://bugzilla.suse.com/1203672	external
https://www.suse.com/security/cve/CVE-2022-41704	external
https://bugzilla.suse.com/1204704	external
https://www.suse.com/security/cve/CVE-2022-42890	external
https://bugzilla.suse.com/1204709	external
https://www.suse.com/security/cve/CVE-2022-44729	external
https://www.suse.com/security/cve/CVE-2022-44730	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for xmlgraphics-batik",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for xmlgraphics-batik fixes the following issues:\n\n- CVE-2017-5662: Fixed Apache Batik information disclosure vulnerability (bsc#1034675).\n- CVE-2019-17566: Fixed SSRF vulnerability (bsc#1172961).\n- CVE-2020-11987: Fixed Apache XML Graphics Batik SSRF vulnerability (bsc#1182748).\n- CVE-2022-38398: Fixed information disclosure vulnerability (bsc#1203674).\n- CVE-2022-38648: Fixed information disclosure vulnerability (bsc#1203673).\n- CVE-2022-40146: Fixed information disclosure vulnerability (bsc#1203672).\n- CVE-2022-41704: Fixed information disclosure vulnerability in Apache Batik (bsc#1204704).\n- CVE-2022-42890: Fixed information disclosure vulnerability in Apache Batik (bsc#1204709).\n- CVE-2022-44729: Fixed Server-Side Request Forgery.\n- CVE-2022-44730: Fixed Server-Side Request Forgery.\n\nUpgrade to version 1.17.\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2024-777,SUSE-SLE-SDK-12-SP5-2024-777",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_0777-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2024:0777-1",
        "url": "https://www.suse.com/support/update/announcement/2024/suse-su-20240777-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2024:0777-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018100.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1034675",
        "url": "https://bugzilla.suse.com/1034675"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1172961",
        "url": "https://bugzilla.suse.com/1172961"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1182748",
        "url": "https://bugzilla.suse.com/1182748"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1203672",
        "url": "https://bugzilla.suse.com/1203672"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1203673",
        "url": "https://bugzilla.suse.com/1203673"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1203674",
        "url": "https://bugzilla.suse.com/1203674"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1204704",
        "url": "https://bugzilla.suse.com/1204704"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1204709",
        "url": "https://bugzilla.suse.com/1204709"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-5662 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-5662/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-17566 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-17566/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-11987 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-11987/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-38398 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-38398/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-38648 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-38648/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-40146 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-40146/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-41704 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-41704/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-42890 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-42890/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-44729 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-44729/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-44730 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-44730/"
      }
    ],
    "title": "Security update for xmlgraphics-batik",
    "tracking": {
      "current_release_date": "2024-03-06T11:54:24Z",
      "generator": {
        "date": "2024-03-06T11:54:24Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2024:0777-1",
      "initial_release_date": "2024-03-06T11:54:24Z",
      "revision_history": [
        {
          "date": "2024-03-06T11:54:24Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "xmlgraphics-batik-1.17-2.7.1.noarch",
                "product": {
                  "name": "xmlgraphics-batik-1.17-2.7.1.noarch",
                  "product_id": "xmlgraphics-batik-1.17-2.7.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "xmlgraphics-batik-demo-1.17-2.7.1.noarch",
                "product": {
                  "name": "xmlgraphics-batik-demo-1.17-2.7.1.noarch",
                  "product_id": "xmlgraphics-batik-demo-1.17-2.7.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "xmlgraphics-batik-javadoc-1.17-2.7.1.noarch",
                "product": {
                  "name": "xmlgraphics-batik-javadoc-1.17-2.7.1.noarch",
                  "product_id": "xmlgraphics-batik-javadoc-1.17-2.7.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "xmlgraphics-batik-rasterizer-1.17-2.7.1.noarch",
                "product": {
                  "name": "xmlgraphics-batik-rasterizer-1.17-2.7.1.noarch",
                  "product_id": "xmlgraphics-batik-rasterizer-1.17-2.7.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "xmlgraphics-batik-slideshow-1.17-2.7.1.noarch",
                "product": {
                  "name": "xmlgraphics-batik-slideshow-1.17-2.7.1.noarch",
                  "product_id": "xmlgraphics-batik-slideshow-1.17-2.7.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "xmlgraphics-batik-squiggle-1.17-2.7.1.noarch",
                "product": {
                  "name": "xmlgraphics-batik-squiggle-1.17-2.7.1.noarch",
                  "product_id": "xmlgraphics-batik-squiggle-1.17-2.7.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "xmlgraphics-batik-svgpp-1.17-2.7.1.noarch",
                "product": {
                  "name": "xmlgraphics-batik-svgpp-1.17-2.7.1.noarch",
                  "product_id": "xmlgraphics-batik-svgpp-1.17-2.7.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "xmlgraphics-batik-ttf2svg-1.17-2.7.1.noarch",
                "product": {
                  "name": "xmlgraphics-batik-ttf2svg-1.17-2.7.1.noarch",
                  "product_id": "xmlgraphics-batik-ttf2svg-1.17-2.7.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Software Development Kit 12 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Software Development Kit 12 SP5",
                  "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-sdk:12:sp5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xmlgraphics-batik-1.17-2.7.1.noarch as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch"
        },
        "product_reference": "xmlgraphics-batik-1.17-2.7.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-5662",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-5662"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-5662",
          "url": "https://www.suse.com/security/cve/CVE-2017-5662"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1034675 for CVE-2017-5662",
          "url": "https://bugzilla.suse.com/1034675"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-03-06T11:54:24Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-5662"
    },
    {
      "cve": "CVE-2019-17566",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-17566"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the \"xlink:href\" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-17566",
          "url": "https://www.suse.com/security/cve/CVE-2019-17566"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1172961 for CVE-2019-17566",
          "url": "https://bugzilla.suse.com/1172961"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-03-06T11:54:24Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-17566"
    },
    {
      "cve": "CVE-2020-11987",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-11987"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-11987",
          "url": "https://www.suse.com/security/cve/CVE-2020-11987"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1182748 for CVE-2020-11987",
          "url": "https://bugzilla.suse.com/1182748"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-03-06T11:54:24Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-11987"
    },
    {
      "cve": "CVE-2022-38398",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-38398"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-38398",
          "url": "https://www.suse.com/security/cve/CVE-2022-38398"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1203674 for CVE-2022-38398",
          "url": "https://bugzilla.suse.com/1203674"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-03-06T11:54:24Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-38398"
    },
    {
      "cve": "CVE-2022-38648",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-38648"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-38648",
          "url": "https://www.suse.com/security/cve/CVE-2022-38648"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1203673 for CVE-2022-38648",
          "url": "https://bugzilla.suse.com/1203673"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-03-06T11:54:24Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-38648"
    },
    {
      "cve": "CVE-2022-40146",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-40146"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-40146",
          "url": "https://www.suse.com/security/cve/CVE-2022-40146"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1203672 for CVE-2022-40146",
          "url": "https://bugzilla.suse.com/1203672"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-03-06T11:54:24Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-40146"
    },
    {
      "cve": "CVE-2022-41704",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-41704"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-41704",
          "url": "https://www.suse.com/security/cve/CVE-2022-41704"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1204704 for CVE-2022-41704",
          "url": "https://bugzilla.suse.com/1204704"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-03-06T11:54:24Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-41704"
    },
    {
      "cve": "CVE-2022-42890",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-42890"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-42890",
          "url": "https://www.suse.com/security/cve/CVE-2022-42890"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1204709 for CVE-2022-42890",
          "url": "https://bugzilla.suse.com/1204709"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-03-06T11:54:24Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-42890"
    },
    {
      "cve": "CVE-2022-44729",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-44729"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16.\n\nOn version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even information disclosure. Users are recommended to upgrade to version 1.17 or later.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-44729",
          "url": "https://www.suse.com/security/cve/CVE-2022-44729"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-03-06T11:54:24Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-44729"
    },
    {
      "cve": "CVE-2022-44730",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-44730"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16.\n\nA malicious SVG can probe user profile / data and send it directly as parameter to a URL.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-44730",
          "url": "https://www.suse.com/security/cve/CVE-2022-44730"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-03-06T11:54:24Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-44730"
    }
  ]
}

SUSE-SU-2024:0808-1

Vulnerability from csaf_suse - Published: 2024-03-07 19:46 - Updated: 2024-03-07 19:46

Summary

Security update for xmlgraphics-batik

Severity

Important

Notes

Title of the patch: Security update for xmlgraphics-batik

Description of the patch: This update for xmlgraphics-batik fixes the following issues: - CVE-2022-41704: Fixed information disclosure vulnerability in Apache Batik (bsc#1204704). - CVE-2022-42890: Fixed information disclosure vulnerability in Apache Batik (bsc#1204709). - CVE-2022-44730: Fixed Server-Side Request Forgery. - CVE-2022-44729: Fixed Server-Side Request Forgery. Upgrade to version 1.17.

Patchnames: SUSE-2024-808,SUSE-SLE-Module-Development-Tools-15-SP5-2024-808,openSUSE-SLE-15.5-2024-808

CVE-2022-41704

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected products

Recommended 11 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:xmlgraphics-batik-1.17-150200.4.7.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:xmlgraphics-batik-css-1.17-150200.4.7.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:xmlgraphics-batik-1.17-150200.4.7.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:xmlgraphics-batik-css-1.17-150200.4.7.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:xmlgraphics-batik-demo-1.17-150200.4.7.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:xmlgraphics-batik-javadoc-1.17-150200.4.7.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:xmlgraphics-batik-rasterizer-1.17-150200.4.7.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:xmlgraphics-batik-slideshow-1.17-150200.4.7.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:xmlgraphics-batik-squiggle-1.17-150200.4.7.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:xmlgraphics-batik-svgpp-1.17-150200.4.7.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:xmlgraphics-batik-ttf2svg-1.17-150200.4.7.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2022-42890

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected products

Recommended 11 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:xmlgraphics-batik-1.17-150200.4.7.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:xmlgraphics-batik-css-1.17-150200.4.7.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:xmlgraphics-batik-1.17-150200.4.7.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:xmlgraphics-batik-css-1.17-150200.4.7.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:xmlgraphics-batik-demo-1.17-150200.4.7.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:xmlgraphics-batik-javadoc-1.17-150200.4.7.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:xmlgraphics-batik-rasterizer-1.17-150200.4.7.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:xmlgraphics-batik-slideshow-1.17-150200.4.7.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:xmlgraphics-batik-squiggle-1.17-150200.4.7.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:xmlgraphics-batik-svgpp-1.17-150200.4.7.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:xmlgraphics-batik-ttf2svg-1.17-150200.4.7.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2022-44729

7.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Affected products

Recommended 11 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:xmlgraphics-batik-1.17-150200.4.7.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:xmlgraphics-batik-css-1.17-150200.4.7.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:xmlgraphics-batik-1.17-150200.4.7.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:xmlgraphics-batik-css-1.17-150200.4.7.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:xmlgraphics-batik-demo-1.17-150200.4.7.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:xmlgraphics-batik-javadoc-1.17-150200.4.7.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:xmlgraphics-batik-rasterizer-1.17-150200.4.7.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:xmlgraphics-batik-slideshow-1.17-150200.4.7.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:xmlgraphics-batik-squiggle-1.17-150200.4.7.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:xmlgraphics-batik-svgpp-1.17-150200.4.7.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:xmlgraphics-batik-ttf2svg-1.17-150200.4.7.1.noarch	—	Vendor Fix

Threats

Impact important

CVE-2022-44730

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Affected products

Recommended 11 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:xmlgraphics-batik-1.17-150200.4.7.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:xmlgraphics-batik-css-1.17-150200.4.7.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:xmlgraphics-batik-1.17-150200.4.7.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:xmlgraphics-batik-css-1.17-150200.4.7.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:xmlgraphics-batik-demo-1.17-150200.4.7.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:xmlgraphics-batik-javadoc-1.17-150200.4.7.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:xmlgraphics-batik-rasterizer-1.17-150200.4.7.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:xmlgraphics-batik-slideshow-1.17-150200.4.7.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:xmlgraphics-batik-squiggle-1.17-150200.4.7.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:xmlgraphics-batik-svgpp-1.17-150200.4.7.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:xmlgraphics-batik-ttf2svg-1.17-150200.4.7.1.noarch	—	Vendor Fix

Threats

Impact moderate

References

16 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-updates/2024…	self
https://bugzilla.suse.com/1204704	self
https://bugzilla.suse.com/1204709	self
https://www.suse.com/security/cve/CVE-2022-41704/	self
https://www.suse.com/security/cve/CVE-2022-42890/	self
https://www.suse.com/security/cve/CVE-2022-44729/	self
https://www.suse.com/security/cve/CVE-2022-44730/	self
https://www.suse.com/security/cve/CVE-2022-41704	external
https://bugzilla.suse.com/1204704	external
https://www.suse.com/security/cve/CVE-2022-42890	external
https://bugzilla.suse.com/1204709	external
https://www.suse.com/security/cve/CVE-2022-44729	external
https://www.suse.com/security/cve/CVE-2022-44730	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for xmlgraphics-batik",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for xmlgraphics-batik fixes the following issues:\n\n- CVE-2022-41704: Fixed information disclosure vulnerability in Apache Batik (bsc#1204704).\n- CVE-2022-42890: Fixed information disclosure vulnerability in Apache Batik (bsc#1204709).\n- CVE-2022-44730: Fixed Server-Side Request Forgery.\n- CVE-2022-44729: Fixed Server-Side Request Forgery.\n\nUpgrade to version 1.17.\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2024-808,SUSE-SLE-Module-Development-Tools-15-SP5-2024-808,openSUSE-SLE-15.5-2024-808",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_0808-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2024:0808-1",
        "url": "https://www.suse.com/support/update/announcement/2024/suse-su-20240808-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2024:0808-1",
        "url": "https://lists.suse.com/pipermail/sle-updates/2024-March/034578.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1204704",
        "url": "https://bugzilla.suse.com/1204704"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1204709",
        "url": "https://bugzilla.suse.com/1204709"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-41704 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-41704/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-42890 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-42890/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-44729 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-44729/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-44730 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-44730/"
      }
    ],
    "title": "Security update for xmlgraphics-batik",
    "tracking": {
      "current_release_date": "2024-03-07T19:46:57Z",
      "generator": {
        "date": "2024-03-07T19:46:57Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2024:0808-1",
      "initial_release_date": "2024-03-07T19:46:57Z",
      "revision_history": [
        {
          "date": "2024-03-07T19:46:57Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "xmlgraphics-batik-1.17-150200.4.7.1.noarch",
                "product": {
                  "name": "xmlgraphics-batik-1.17-150200.4.7.1.noarch",
                  "product_id": "xmlgraphics-batik-1.17-150200.4.7.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "xmlgraphics-batik-css-1.17-150200.4.7.1.noarch",
                "product": {
                  "name": "xmlgraphics-batik-css-1.17-150200.4.7.1.noarch",
                  "product_id": "xmlgraphics-batik-css-1.17-150200.4.7.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "xmlgraphics-batik-demo-1.17-150200.4.7.1.noarch",
                "product": {
                  "name": "xmlgraphics-batik-demo-1.17-150200.4.7.1.noarch",
                  "product_id": "xmlgraphics-batik-demo-1.17-150200.4.7.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "xmlgraphics-batik-javadoc-1.17-150200.4.7.1.noarch",
                "product": {
                  "name": "xmlgraphics-batik-javadoc-1.17-150200.4.7.1.noarch",
                  "product_id": "xmlgraphics-batik-javadoc-1.17-150200.4.7.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "xmlgraphics-batik-rasterizer-1.17-150200.4.7.1.noarch",
                "product": {
                  "name": "xmlgraphics-batik-rasterizer-1.17-150200.4.7.1.noarch",
                  "product_id": "xmlgraphics-batik-rasterizer-1.17-150200.4.7.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "xmlgraphics-batik-slideshow-1.17-150200.4.7.1.noarch",
                "product": {
                  "name": "xmlgraphics-batik-slideshow-1.17-150200.4.7.1.noarch",
                  "product_id": "xmlgraphics-batik-slideshow-1.17-150200.4.7.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "xmlgraphics-batik-squiggle-1.17-150200.4.7.1.noarch",
                "product": {
                  "name": "xmlgraphics-batik-squiggle-1.17-150200.4.7.1.noarch",
                  "product_id": "xmlgraphics-batik-squiggle-1.17-150200.4.7.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "xmlgraphics-batik-svgpp-1.17-150200.4.7.1.noarch",
                "product": {
                  "name": "xmlgraphics-batik-svgpp-1.17-150200.4.7.1.noarch",
                  "product_id": "xmlgraphics-batik-svgpp-1.17-150200.4.7.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "xmlgraphics-batik-ttf2svg-1.17-150200.4.7.1.noarch",
                "product": {
                  "name": "xmlgraphics-batik-ttf2svg-1.17-150200.4.7.1.noarch",
                  "product_id": "xmlgraphics-batik-ttf2svg-1.17-150200.4.7.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Development Tools 15 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Development Tools 15 SP5",
                  "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-development-tools:15:sp5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.5",
                "product": {
                  "name": "openSUSE Leap 15.5",
                  "product_id": "openSUSE Leap 15.5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xmlgraphics-batik-1.17-150200.4.7.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP5",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5:xmlgraphics-batik-1.17-150200.4.7.1.noarch"
        },
        "product_reference": "xmlgraphics-batik-1.17-150200.4.7.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xmlgraphics-batik-css-1.17-150200.4.7.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP5",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5:xmlgraphics-batik-css-1.17-150200.4.7.1.noarch"
        },
        "product_reference": "xmlgraphics-batik-css-1.17-150200.4.7.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xmlgraphics-batik-1.17-150200.4.7.1.noarch as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:xmlgraphics-batik-1.17-150200.4.7.1.noarch"
        },
        "product_reference": "xmlgraphics-batik-1.17-150200.4.7.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xmlgraphics-batik-css-1.17-150200.4.7.1.noarch as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:xmlgraphics-batik-css-1.17-150200.4.7.1.noarch"
        },
        "product_reference": "xmlgraphics-batik-css-1.17-150200.4.7.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xmlgraphics-batik-demo-1.17-150200.4.7.1.noarch as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:xmlgraphics-batik-demo-1.17-150200.4.7.1.noarch"
        },
        "product_reference": "xmlgraphics-batik-demo-1.17-150200.4.7.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xmlgraphics-batik-javadoc-1.17-150200.4.7.1.noarch as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:xmlgraphics-batik-javadoc-1.17-150200.4.7.1.noarch"
        },
        "product_reference": "xmlgraphics-batik-javadoc-1.17-150200.4.7.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xmlgraphics-batik-rasterizer-1.17-150200.4.7.1.noarch as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:xmlgraphics-batik-rasterizer-1.17-150200.4.7.1.noarch"
        },
        "product_reference": "xmlgraphics-batik-rasterizer-1.17-150200.4.7.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xmlgraphics-batik-slideshow-1.17-150200.4.7.1.noarch as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:xmlgraphics-batik-slideshow-1.17-150200.4.7.1.noarch"
        },
        "product_reference": "xmlgraphics-batik-slideshow-1.17-150200.4.7.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xmlgraphics-batik-squiggle-1.17-150200.4.7.1.noarch as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:xmlgraphics-batik-squiggle-1.17-150200.4.7.1.noarch"
        },
        "product_reference": "xmlgraphics-batik-squiggle-1.17-150200.4.7.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xmlgraphics-batik-svgpp-1.17-150200.4.7.1.noarch as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:xmlgraphics-batik-svgpp-1.17-150200.4.7.1.noarch"
        },
        "product_reference": "xmlgraphics-batik-svgpp-1.17-150200.4.7.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xmlgraphics-batik-ttf2svg-1.17-150200.4.7.1.noarch as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:xmlgraphics-batik-ttf2svg-1.17-150200.4.7.1.noarch"
        },
        "product_reference": "xmlgraphics-batik-ttf2svg-1.17-150200.4.7.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-41704",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-41704"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Development Tools 15 SP5:xmlgraphics-batik-1.17-150200.4.7.1.noarch",
          "SUSE Linux Enterprise Module for Development Tools 15 SP5:xmlgraphics-batik-css-1.17-150200.4.7.1.noarch",
          "openSUSE Leap 15.5:xmlgraphics-batik-1.17-150200.4.7.1.noarch",
          "openSUSE Leap 15.5:xmlgraphics-batik-css-1.17-150200.4.7.1.noarch",
          "openSUSE Leap 15.5:xmlgraphics-batik-demo-1.17-150200.4.7.1.noarch",
          "openSUSE Leap 15.5:xmlgraphics-batik-javadoc-1.17-150200.4.7.1.noarch",
          "openSUSE Leap 15.5:xmlgraphics-batik-rasterizer-1.17-150200.4.7.1.noarch",
          "openSUSE Leap 15.5:xmlgraphics-batik-slideshow-1.17-150200.4.7.1.noarch",
          "openSUSE Leap 15.5:xmlgraphics-batik-squiggle-1.17-150200.4.7.1.noarch",
          "openSUSE Leap 15.5:xmlgraphics-batik-svgpp-1.17-150200.4.7.1.noarch",
          "openSUSE Leap 15.5:xmlgraphics-batik-ttf2svg-1.17-150200.4.7.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-41704",
          "url": "https://www.suse.com/security/cve/CVE-2022-41704"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1204704 for CVE-2022-41704",
          "url": "https://bugzilla.suse.com/1204704"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Development Tools 15 SP5:xmlgraphics-batik-1.17-150200.4.7.1.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP5:xmlgraphics-batik-css-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-css-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-demo-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-javadoc-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-rasterizer-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-slideshow-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-squiggle-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-svgpp-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-ttf2svg-1.17-150200.4.7.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Development Tools 15 SP5:xmlgraphics-batik-1.17-150200.4.7.1.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP5:xmlgraphics-batik-css-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-css-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-demo-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-javadoc-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-rasterizer-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-slideshow-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-squiggle-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-svgpp-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-ttf2svg-1.17-150200.4.7.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-03-07T19:46:57Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-41704"
    },
    {
      "cve": "CVE-2022-42890",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-42890"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Development Tools 15 SP5:xmlgraphics-batik-1.17-150200.4.7.1.noarch",
          "SUSE Linux Enterprise Module for Development Tools 15 SP5:xmlgraphics-batik-css-1.17-150200.4.7.1.noarch",
          "openSUSE Leap 15.5:xmlgraphics-batik-1.17-150200.4.7.1.noarch",
          "openSUSE Leap 15.5:xmlgraphics-batik-css-1.17-150200.4.7.1.noarch",
          "openSUSE Leap 15.5:xmlgraphics-batik-demo-1.17-150200.4.7.1.noarch",
          "openSUSE Leap 15.5:xmlgraphics-batik-javadoc-1.17-150200.4.7.1.noarch",
          "openSUSE Leap 15.5:xmlgraphics-batik-rasterizer-1.17-150200.4.7.1.noarch",
          "openSUSE Leap 15.5:xmlgraphics-batik-slideshow-1.17-150200.4.7.1.noarch",
          "openSUSE Leap 15.5:xmlgraphics-batik-squiggle-1.17-150200.4.7.1.noarch",
          "openSUSE Leap 15.5:xmlgraphics-batik-svgpp-1.17-150200.4.7.1.noarch",
          "openSUSE Leap 15.5:xmlgraphics-batik-ttf2svg-1.17-150200.4.7.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-42890",
          "url": "https://www.suse.com/security/cve/CVE-2022-42890"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1204709 for CVE-2022-42890",
          "url": "https://bugzilla.suse.com/1204709"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Development Tools 15 SP5:xmlgraphics-batik-1.17-150200.4.7.1.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP5:xmlgraphics-batik-css-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-css-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-demo-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-javadoc-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-rasterizer-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-slideshow-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-squiggle-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-svgpp-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-ttf2svg-1.17-150200.4.7.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Development Tools 15 SP5:xmlgraphics-batik-1.17-150200.4.7.1.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP5:xmlgraphics-batik-css-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-css-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-demo-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-javadoc-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-rasterizer-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-slideshow-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-squiggle-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-svgpp-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-ttf2svg-1.17-150200.4.7.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-03-07T19:46:57Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-42890"
    },
    {
      "cve": "CVE-2022-44729",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-44729"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16.\n\nOn version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even information disclosure. Users are recommended to upgrade to version 1.17 or later.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Development Tools 15 SP5:xmlgraphics-batik-1.17-150200.4.7.1.noarch",
          "SUSE Linux Enterprise Module for Development Tools 15 SP5:xmlgraphics-batik-css-1.17-150200.4.7.1.noarch",
          "openSUSE Leap 15.5:xmlgraphics-batik-1.17-150200.4.7.1.noarch",
          "openSUSE Leap 15.5:xmlgraphics-batik-css-1.17-150200.4.7.1.noarch",
          "openSUSE Leap 15.5:xmlgraphics-batik-demo-1.17-150200.4.7.1.noarch",
          "openSUSE Leap 15.5:xmlgraphics-batik-javadoc-1.17-150200.4.7.1.noarch",
          "openSUSE Leap 15.5:xmlgraphics-batik-rasterizer-1.17-150200.4.7.1.noarch",
          "openSUSE Leap 15.5:xmlgraphics-batik-slideshow-1.17-150200.4.7.1.noarch",
          "openSUSE Leap 15.5:xmlgraphics-batik-squiggle-1.17-150200.4.7.1.noarch",
          "openSUSE Leap 15.5:xmlgraphics-batik-svgpp-1.17-150200.4.7.1.noarch",
          "openSUSE Leap 15.5:xmlgraphics-batik-ttf2svg-1.17-150200.4.7.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-44729",
          "url": "https://www.suse.com/security/cve/CVE-2022-44729"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Development Tools 15 SP5:xmlgraphics-batik-1.17-150200.4.7.1.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP5:xmlgraphics-batik-css-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-css-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-demo-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-javadoc-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-rasterizer-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-slideshow-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-squiggle-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-svgpp-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-ttf2svg-1.17-150200.4.7.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Development Tools 15 SP5:xmlgraphics-batik-1.17-150200.4.7.1.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP5:xmlgraphics-batik-css-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-css-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-demo-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-javadoc-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-rasterizer-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-slideshow-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-squiggle-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-svgpp-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-ttf2svg-1.17-150200.4.7.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-03-07T19:46:57Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-44729"
    },
    {
      "cve": "CVE-2022-44730",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-44730"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16.\n\nA malicious SVG can probe user profile / data and send it directly as parameter to a URL.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Development Tools 15 SP5:xmlgraphics-batik-1.17-150200.4.7.1.noarch",
          "SUSE Linux Enterprise Module for Development Tools 15 SP5:xmlgraphics-batik-css-1.17-150200.4.7.1.noarch",
          "openSUSE Leap 15.5:xmlgraphics-batik-1.17-150200.4.7.1.noarch",
          "openSUSE Leap 15.5:xmlgraphics-batik-css-1.17-150200.4.7.1.noarch",
          "openSUSE Leap 15.5:xmlgraphics-batik-demo-1.17-150200.4.7.1.noarch",
          "openSUSE Leap 15.5:xmlgraphics-batik-javadoc-1.17-150200.4.7.1.noarch",
          "openSUSE Leap 15.5:xmlgraphics-batik-rasterizer-1.17-150200.4.7.1.noarch",
          "openSUSE Leap 15.5:xmlgraphics-batik-slideshow-1.17-150200.4.7.1.noarch",
          "openSUSE Leap 15.5:xmlgraphics-batik-squiggle-1.17-150200.4.7.1.noarch",
          "openSUSE Leap 15.5:xmlgraphics-batik-svgpp-1.17-150200.4.7.1.noarch",
          "openSUSE Leap 15.5:xmlgraphics-batik-ttf2svg-1.17-150200.4.7.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-44730",
          "url": "https://www.suse.com/security/cve/CVE-2022-44730"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Development Tools 15 SP5:xmlgraphics-batik-1.17-150200.4.7.1.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP5:xmlgraphics-batik-css-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-css-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-demo-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-javadoc-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-rasterizer-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-slideshow-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-squiggle-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-svgpp-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-ttf2svg-1.17-150200.4.7.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Development Tools 15 SP5:xmlgraphics-batik-1.17-150200.4.7.1.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP5:xmlgraphics-batik-css-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-css-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-demo-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-javadoc-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-rasterizer-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-slideshow-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-squiggle-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-svgpp-1.17-150200.4.7.1.noarch",
            "openSUSE Leap 15.5:xmlgraphics-batik-ttf2svg-1.17-150200.4.7.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-03-07T19:46:57Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-44730"
    }
  ]
}

WID-SEC-W-2023-0809

Vulnerability from csaf_certbund - Published: 2023-03-30 22:00 - Updated: 2024-02-19 23:00

Summary

IBM QRadar SIEM: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: IBM QRadar Security Information and Event Management (SIEM) bietet Unterstützung bei der Erkennung und Priorisierung von Sicherheitsbedrohungen im Unternehmen.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM QRadar SIEM ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.

Betroffene Betriebssysteme: - Linux

CVE-2023-22809

In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-4883

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-46364

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-46363

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-45143

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-42890

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-4254

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-42252

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-41966

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-41946

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-41704

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-40156

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-40155

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-40154

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-40153

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-40152

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-40150

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-40149

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-37603

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-37601

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-37599

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-37598

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-3676

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-36364

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-36033

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-34917

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-31197

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-31129

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-2964

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-28733

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-2795

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-25927

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-25901

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-25758

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-25647

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-24999

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-24839

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-24823

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-24785

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-23437

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-22971

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-22970

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-21724

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-21628

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-21626

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-21624

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-21619

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2021-43797

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2021-42740

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2021-42581

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2021-39227

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2021-3918

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2021-3807

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2021-37713

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2021-37712

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2021-37701

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2021-3765

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2021-37137

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2021-37136

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2021-32804

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2021-32803

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2021-29060

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2021-26401

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2021-25220

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2021-23450

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2021-23382

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2021-23368

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2021-23364

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2021-23362

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2021-23343

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2021-21409

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2021-21295

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2021-21290

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2020-7764

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2020-5259

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2020-24025

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2020-15366

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2020-13936

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2019-6286

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2019-6284

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2019-6283

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2019-10785

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2018-8036

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2018-20821

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2018-20190

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2018-19839

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2018-19838

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2018-19827

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2018-19797

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2018-15494

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2018-11698

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2018-11694

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

References

7 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.ibm.com/support/pages/node/6967283	external
https://www.ibm.com/support/pages/node/6967333	external
https://www.ibm.com/support/pages/node/6980799	external
https://www.ibm.com/support/pages/node/7108657	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "IBM QRadar Security Information and Event Management (SIEM) bietet Unterst\u00fctzung bei der Erkennung und Priorisierung von Sicherheitsbedrohungen im Unternehmen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM QRadar SIEM ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-0809 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0809.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-0809 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0809"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin: 6967283 vom 2023-03-30",
        "url": "https://www.ibm.com/support/pages/node/6967283"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin: 6967333 vom 2023-03-30",
        "url": "https://www.ibm.com/support/pages/node/6967333"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 6980799 vom 2023-04-04",
        "url": "https://www.ibm.com/support/pages/node/6980799"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7108657 vom 2024-01-17",
        "url": "https://www.ibm.com/support/pages/node/7108657"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2024-5ECC250449 vom 2024-02-19",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-5ecc250449"
      }
    ],
    "source_lang": "en-US",
    "title": "IBM QRadar SIEM: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-02-19T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:47:38.606+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-0809",
      "initial_release_date": "2023-03-30T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-03-30T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-04-04T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-01-16T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-02-19T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Fedora aufgenommen"
        }
      ],
      "status": "final",
      "version": "4"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Fedora Linux",
            "product": {
              "name": "Fedora Linux",
              "product_id": "74185",
              "product_identification_helper": {
                "cpe": "cpe:/o:fedoraproject:fedora:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Fedora"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "7.5",
                "product": {
                  "name": "IBM QRadar SIEM 7.5",
                  "product_id": "T022954",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:qradar_siem:7.5"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c User Behavior Analytics 4.1.11",
                "product": {
                  "name": "IBM QRadar SIEM \u003c User Behavior Analytics 4.1.11",
                  "product_id": "T027026"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c 7.4.3 FP9",
                "product": {
                  "name": "IBM QRadar SIEM \u003c 7.4.3 FP9",
                  "product_id": "T027027"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c 7.5.0 UP5",
                "product": {
                  "name": "IBM QRadar SIEM \u003c 7.5.0 UP5",
                  "product_id": "T027028"
                }
              }
            ],
            "category": "product_name",
            "name": "QRadar SIEM"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-22809",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2023-22809"
    },
    {
      "cve": "CVE-2022-4883",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-4883"
    },
    {
      "cve": "CVE-2022-46364",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-46364"
    },
    {
      "cve": "CVE-2022-46363",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-46363"
    },
    {
      "cve": "CVE-2022-45143",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-45143"
    },
    {
      "cve": "CVE-2022-42890",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-42890"
    },
    {
      "cve": "CVE-2022-4254",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-4254"
    },
    {
      "cve": "CVE-2022-42252",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-42252"
    },
    {
      "cve": "CVE-2022-41966",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-41966"
    },
    {
      "cve": "CVE-2022-41946",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-41946"
    },
    {
      "cve": "CVE-2022-41704",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-41704"
    },
    {
      "cve": "CVE-2022-40156",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-40156"
    },
    {
      "cve": "CVE-2022-40155",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-40155"
    },
    {
      "cve": "CVE-2022-40154",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-40154"
    },
    {
      "cve": "CVE-2022-40153",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-40153"
    },
    {
      "cve": "CVE-2022-40152",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-40152"
    },
    {
      "cve": "CVE-2022-40150",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-40150"
    },
    {
      "cve": "CVE-2022-40149",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-40149"
    },
    {
      "cve": "CVE-2022-37603",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-37603"
    },
    {
      "cve": "CVE-2022-37601",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-37601"
    },
    {
      "cve": "CVE-2022-37599",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-37599"
    },
    {
      "cve": "CVE-2022-37598",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-37598"
    },
    {
      "cve": "CVE-2022-3676",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-3676"
    },
    {
      "cve": "CVE-2022-36364",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-36364"
    },
    {
      "cve": "CVE-2022-36033",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-36033"
    },
    {
      "cve": "CVE-2022-34917",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-34917"
    },
    {
      "cve": "CVE-2022-31197",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-31197"
    },
    {
      "cve": "CVE-2022-31129",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-31129"
    },
    {
      "cve": "CVE-2022-2964",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-2964"
    },
    {
      "cve": "CVE-2022-28733",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-28733"
    },
    {
      "cve": "CVE-2022-2795",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-2795"
    },
    {
      "cve": "CVE-2022-25927",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-25927"
    },
    {
      "cve": "CVE-2022-25901",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-25901"
    },
    {
      "cve": "CVE-2022-25758",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-25758"
    },
    {
      "cve": "CVE-2022-25647",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-25647"
    },
    {
      "cve": "CVE-2022-24999",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-24999"
    },
    {
      "cve": "CVE-2022-24839",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-24839"
    },
    {
      "cve": "CVE-2022-24823",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-24823"
    },
    {
      "cve": "CVE-2022-24785",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-24785"
    },
    {
      "cve": "CVE-2022-23437",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-23437"
    },
    {
      "cve": "CVE-2022-22971",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-22971"
    },
    {
      "cve": "CVE-2022-22970",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-22970"
    },
    {
      "cve": "CVE-2022-21724",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-21724"
    },
    {
      "cve": "CVE-2022-21628",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-21628"
    },
    {
      "cve": "CVE-2022-21626",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-21626"
    },
    {
      "cve": "CVE-2022-21624",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-21624"
    },
    {
      "cve": "CVE-2022-21619",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2022-21619"
    },
    {
      "cve": "CVE-2021-43797",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2021-43797"
    },
    {
      "cve": "CVE-2021-42740",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2021-42740"
    },
    {
      "cve": "CVE-2021-42581",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2021-42581"
    },
    {
      "cve": "CVE-2021-39227",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2021-39227"
    },
    {
      "cve": "CVE-2021-3918",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2021-3918"
    },
    {
      "cve": "CVE-2021-3807",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2021-3807"
    },
    {
      "cve": "CVE-2021-37713",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2021-37713"
    },
    {
      "cve": "CVE-2021-37712",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2021-37712"
    },
    {
      "cve": "CVE-2021-37701",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2021-37701"
    },
    {
      "cve": "CVE-2021-3765",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2021-3765"
    },
    {
      "cve": "CVE-2021-37137",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2021-37137"
    },
    {
      "cve": "CVE-2021-37136",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2021-37136"
    },
    {
      "cve": "CVE-2021-32804",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2021-32804"
    },
    {
      "cve": "CVE-2021-32803",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2021-32803"
    },
    {
      "cve": "CVE-2021-29060",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2021-29060"
    },
    {
      "cve": "CVE-2021-26401",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2021-26401"
    },
    {
      "cve": "CVE-2021-25220",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2021-25220"
    },
    {
      "cve": "CVE-2021-23450",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2021-23450"
    },
    {
      "cve": "CVE-2021-23382",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2021-23382"
    },
    {
      "cve": "CVE-2021-23368",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2021-23368"
    },
    {
      "cve": "CVE-2021-23364",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2021-23364"
    },
    {
      "cve": "CVE-2021-23362",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2021-23362"
    },
    {
      "cve": "CVE-2021-23343",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2021-23343"
    },
    {
      "cve": "CVE-2021-21409",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2021-21409"
    },
    {
      "cve": "CVE-2021-21295",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2021-21295"
    },
    {
      "cve": "CVE-2021-21290",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2021-21290"
    },
    {
      "cve": "CVE-2020-7764",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2020-7764"
    },
    {
      "cve": "CVE-2020-5259",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2020-5259"
    },
    {
      "cve": "CVE-2020-24025",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2020-24025"
    },
    {
      "cve": "CVE-2020-15366",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2020-15366"
    },
    {
      "cve": "CVE-2020-13936",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2020-13936"
    },
    {
      "cve": "CVE-2019-6286",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2019-6286"
    },
    {
      "cve": "CVE-2019-6284",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2019-6284"
    },
    {
      "cve": "CVE-2019-6283",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2019-6283"
    },
    {
      "cve": "CVE-2019-10785",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2019-10785"
    },
    {
      "cve": "CVE-2018-8036",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2018-8036"
    },
    {
      "cve": "CVE-2018-20821",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2018-20821"
    },
    {
      "cve": "CVE-2018-20190",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2018-20190"
    },
    {
      "cve": "CVE-2018-19839",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2018-19839"
    },
    {
      "cve": "CVE-2018-19838",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2018-19838"
    },
    {
      "cve": "CVE-2018-19827",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2018-19827"
    },
    {
      "cve": "CVE-2018-19797",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2018-19797"
    },
    {
      "cve": "CVE-2018-15494",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2018-15494"
    },
    {
      "cve": "CVE-2018-11698",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2018-11698"
    },
    {
      "cve": "CVE-2018-11694",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "74185"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2018-11694"
    }
  ]
}

WID-SEC-W-2023-1142

Vulnerability from csaf_certbund - Published: 2023-05-03 22:00 - Updated: 2025-06-30 22:00

Summary

Red Hat Integration Camel for Spring Boot: Mehrere Schwachstellen

Severity

Hoch

Notes

Produktbeschreibung: Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Integration Camel for Spring Boot ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden.

Betroffene Betriebssysteme: - Linux

CVE-2021-37533

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2022-25857

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2022-31777

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2022-33681

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2022-37865

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2022-37866

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2022-38398

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2022-38648

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2022-38749

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2022-38750

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2022-38751

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2022-38752

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2022-39368

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2022-40146

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2022-40150

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2022-40151

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2022-40152

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2022-40156

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2022-41704

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2022-41852

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2022-41853

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2022-41854

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2022-41881

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2022-41966

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2022-42003

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2022-42004

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2022-42890

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2022-4492

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2023-1370

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2023-1436

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2023-20860

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2023-20861

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2023-20863

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2023-22602

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2023-24998

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

References

31 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://access.redhat.com/errata/RHSA-2023:2100	external
https://access.redhat.com/errata/RHSA-2023:3179	external
https://access.redhat.com/errata/RHSA-2023:3193	external
https://access.redhat.com/errata/RHSA-2023:3622	external
https://access.redhat.com/errata/RHSA-2023:3667	external
https://access.redhat.com/errata/RHSA-2023:3626	external
https://access.redhat.com/errata/RHSA-2023:3625	external
https://access.redhat.com/errata/RHSA-2023:3906	external
https://access.redhat.com/errata/RHSA-2023:3954	external
https://alas.aws.amazon.com/AL2/ALAS-2023-2165.html	external
https://access.redhat.com/errata/RHSA-2023:4506	external
https://access.redhat.com/errata/RHSA-2023:4507	external
https://access.redhat.com/errata/RHSA-2023:4505	external
https://access.redhat.com/errata/RHSA-2023:4509	external
https://access.redhat.com/errata/RHSA-2023:4612	external
https://access.redhat.com/errata/RHSA-2023:4919	external
https://access.redhat.com/errata/RHSA-2023:4921	external
https://access.redhat.com/errata/RHSA-2023:4924	external
https://access.redhat.com/errata/RHSA-2023:4918	external
https://access.redhat.com/errata/RHSA-2023:4920	external
https://access.redhat.com/errata/RHSA-2023:7670	external
https://www.dell.com/support/kbdoc/000220649/dsa-2023-=	external
https://www.dell.com/support/kbdoc/000220669/dsa-2023-=	external
https://alas.aws.amazon.com/ALAS-2024-1910.html	external
https://access.redhat.com/errata/RHSA-2024:1027	external
https://access.redhat.com/errata/RHSA-2025:3541	external
https://access.redhat.com/errata/RHSA-2025:3543	external
https://access.redhat.com/errata/RHSA-2025:8761	external
https://access.redhat.com/errata/RHSA-2025:9922	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Integration Camel for Spring Boot ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t zu gef\u00e4hrden.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-1142 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1142.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-1142 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1142"
      },
      {
        "category": "external",
        "summary": "RedHat Security Advisory vom 2023-05-03",
        "url": "https://access.redhat.com/errata/RHSA-2023:2100"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:3179 vom 2023-05-17",
        "url": "https://access.redhat.com/errata/RHSA-2023:3179"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:3193 vom 2023-05-17",
        "url": "https://access.redhat.com/errata/RHSA-2023:3193"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:3622 vom 2023-06-15",
        "url": "https://access.redhat.com/errata/RHSA-2023:3622"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:3667 vom 2023-06-19",
        "url": "https://access.redhat.com/errata/RHSA-2023:3667"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:3626 vom 2023-06-23",
        "url": "https://access.redhat.com/errata/RHSA-2023:3626"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:3625 vom 2023-06-23",
        "url": "https://access.redhat.com/errata/RHSA-2023:3625"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:3906 vom 2023-06-28",
        "url": "https://access.redhat.com/errata/RHSA-2023:3906"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:3954 vom 2023-06-29",
        "url": "https://access.redhat.com/errata/RHSA-2023:3954"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2023-2165 vom 2023-07-26",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2023-2165.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:4506 vom 2023-08-07",
        "url": "https://access.redhat.com/errata/RHSA-2023:4506"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:4507 vom 2023-08-07",
        "url": "https://access.redhat.com/errata/RHSA-2023:4507"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:4505 vom 2023-08-07",
        "url": "https://access.redhat.com/errata/RHSA-2023:4505"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:4509 vom 2023-08-07",
        "url": "https://access.redhat.com/errata/RHSA-2023:4509"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:4612 vom 2023-08-16",
        "url": "https://access.redhat.com/errata/RHSA-2023:4612"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:4919 vom 2023-08-31",
        "url": "https://access.redhat.com/errata/RHSA-2023:4919"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:4921 vom 2023-08-31",
        "url": "https://access.redhat.com/errata/RHSA-2023:4921"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:4924 vom 2023-08-31",
        "url": "https://access.redhat.com/errata/RHSA-2023:4924"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:4918 vom 2023-08-31",
        "url": "https://access.redhat.com/errata/RHSA-2023:4918"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:4920 vom 2023-08-31",
        "url": "https://access.redhat.com/errata/RHSA-2023:4920"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:7670 vom 2023-12-06",
        "url": "https://access.redhat.com/errata/RHSA-2023:7670"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2023-300 vom 2023-12-22",
        "url": "https://www.dell.com/support/kbdoc/000220649/dsa-2023-="
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2023-409 vom 2023-12-23",
        "url": "https://www.dell.com/support/kbdoc/000220669/dsa-2023-="
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2024-1910 vom 2024-01-23",
        "url": "https://alas.aws.amazon.com/ALAS-2024-1910.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:1027 vom 2024-02-28",
        "url": "https://access.redhat.com/errata/RHSA-2024:1027"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:3541 vom 2025-04-02",
        "url": "https://access.redhat.com/errata/RHSA-2025:3541"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:3543 vom 2025-04-02",
        "url": "https://access.redhat.com/errata/RHSA-2025:3543"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:8761 vom 2025-06-10",
        "url": "https://access.redhat.com/errata/RHSA-2025:8761"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:9922 vom 2025-06-30",
        "url": "https://access.redhat.com/errata/RHSA-2025:9922"
      }
    ],
    "source_lang": "en-US",
    "title": "Red Hat Integration Camel for Spring Boot: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-06-30T22:00:00.000+00:00",
      "generator": {
        "date": "2025-07-01T15:24:00.059+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.4.0"
        }
      },
      "id": "WID-SEC-W-2023-1142",
      "initial_release_date": "2023-05-03T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-05-03T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-05-18T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-06-15T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-06-19T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-06-25T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-06-28T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-06-29T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-07-25T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2023-08-07T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-08-16T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-08-31T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-12-06T23:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-12-21T23:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von Dell aufgenommen"
        },
        {
          "date": "2023-12-26T23:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von Dell aufgenommen"
        },
        {
          "date": "2024-01-22T23:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2024-02-28T23:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-04-02T22:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-06-09T22:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-06-30T22:00:00.000+00:00",
          "number": "19",
          "summary": "Neue Updates von Red Hat aufgenommen"
        }
      ],
      "status": "final",
      "version": "19"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Dell NetWorker",
            "product": {
              "name": "Dell NetWorker",
              "product_id": "T024663",
              "product_identification_helper": {
                "cpe": "cpe:/a:dell:networker:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Dell"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux",
                "product": {
                  "name": "Red Hat Enterprise Linux",
                  "product_id": "67646",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:-"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Integration Camel for Spring Boot \u003c3.20.1",
                "product": {
                  "name": "Red Hat Enterprise Linux Integration Camel for Spring Boot \u003c3.20.1",
                  "product_id": "T027614"
                }
              },
              {
                "category": "product_version",
                "name": "Integration Camel for Spring Boot 3.20.1",
                "product": {
                  "name": "Red Hat Enterprise Linux Integration Camel for Spring Boot 3.20.1",
                  "product_id": "T027614-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:integration_camel_for_spring_boot__3.20.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Apache Camel 1",
                "product": {
                  "name": "Red Hat Enterprise Linux Apache Camel 1",
                  "product_id": "T044468",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:apache_camel_1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "Camel Extensions for Quarkus 1",
                "product": {
                  "name": "Red Hat Integration Camel Extensions for Quarkus 1",
                  "product_id": "T026453",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:integration:camel_extensions_for_quarkus_1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Integration",
                "product": {
                  "name": "Red Hat Integration",
                  "product_id": "T033960",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:integration:-"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Integration"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Container Platform \u003c4.10.62",
                "product": {
                  "name": "Red Hat OpenShift Container Platform \u003c4.10.62",
                  "product_id": "T028308"
                }
              },
              {
                "category": "product_version",
                "name": "Container Platform 4.10.62",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 4.10.62",
                  "product_id": "T028308-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:container_platform__4.10.62"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Application Runtimes",
                "product": {
                  "name": "Red Hat OpenShift Application Runtimes",
                  "product_id": "T029341",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:application_runtimes"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "OpenShift"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-37533",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2021-37533"
    },
    {
      "cve": "CVE-2022-25857",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2022-25857"
    },
    {
      "cve": "CVE-2022-31777",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2022-31777"
    },
    {
      "cve": "CVE-2022-33681",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2022-33681"
    },
    {
      "cve": "CVE-2022-37865",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2022-37865"
    },
    {
      "cve": "CVE-2022-37866",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2022-37866"
    },
    {
      "cve": "CVE-2022-38398",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2022-38398"
    },
    {
      "cve": "CVE-2022-38648",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2022-38648"
    },
    {
      "cve": "CVE-2022-38749",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2022-38749"
    },
    {
      "cve": "CVE-2022-38750",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2022-38750"
    },
    {
      "cve": "CVE-2022-38751",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2022-38751"
    },
    {
      "cve": "CVE-2022-38752",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2022-38752"
    },
    {
      "cve": "CVE-2022-39368",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2022-39368"
    },
    {
      "cve": "CVE-2022-40146",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2022-40146"
    },
    {
      "cve": "CVE-2022-40150",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2022-40150"
    },
    {
      "cve": "CVE-2022-40151",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2022-40151"
    },
    {
      "cve": "CVE-2022-40152",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2022-40152"
    },
    {
      "cve": "CVE-2022-40156",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2022-40156"
    },
    {
      "cve": "CVE-2022-41704",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2022-41704"
    },
    {
      "cve": "CVE-2022-41852",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2022-41852"
    },
    {
      "cve": "CVE-2022-41853",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2022-41853"
    },
    {
      "cve": "CVE-2022-41854",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2022-41854"
    },
    {
      "cve": "CVE-2022-41881",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2022-41881"
    },
    {
      "cve": "CVE-2022-41966",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2022-41966"
    },
    {
      "cve": "CVE-2022-42003",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2022-42003"
    },
    {
      "cve": "CVE-2022-42004",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2022-42004"
    },
    {
      "cve": "CVE-2022-42890",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2022-42890"
    },
    {
      "cve": "CVE-2022-4492",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2022-4492"
    },
    {
      "cve": "CVE-2023-1370",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2023-1370"
    },
    {
      "cve": "CVE-2023-1436",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2023-1436"
    },
    {
      "cve": "CVE-2023-20860",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2023-20860"
    },
    {
      "cve": "CVE-2023-20861",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2023-20861"
    },
    {
      "cve": "CVE-2023-20863",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2023-20863"
    },
    {
      "cve": "CVE-2023-22602",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2023-22602"
    },
    {
      "cve": "CVE-2023-24998",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2023-24998"
    }
  ]
}

WID-SEC-W-2023-2993

Vulnerability from csaf_certbund - Published: 2023-11-21 23:00 - Updated: 2023-12-12 23:00

Summary

Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence and Atlassian Jira Software: Mehrere Schwachstellen

Severity

Hoch

Notes

Produktbeschreibung: Bamboo ist ein Werkzeug zur kontinuierlichen Integration und Bereitstellung, das automatisierte Builds, Tests und Freigaben in einem einzigen Arbeitsablauf verbindet. Bitbucket ist ein Git-Server zur Sourcecode-Versionskontrolle. Confluence ist eine kommerzielle Wiki-Software. Jira ist eine Webanwendung zur Softwareentwicklung.

Angriff: Ein Angreifer kann mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuführen.

Betroffene Betriebssysteme: - Linux - MacOS X - Windows

CVE-2023-44487

Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuführen. Für eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.

Affected products

Known affected 15 products

Product	Identifier	Version
Atlassian Confluence < 8.4.5 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.4.5`	—
Atlassian Confluence < 8.6.2 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.6.2`	—
Atlassian Confluence < 8.5.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.5.4`	—
Atlassian Bitbucket < 8.9.7 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.9.7`	—
Atlassian Confluence < 8.7.1 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.7.1`	—
Atlassian Bamboo < 9.2.7 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.2.7`	—
Atlassian Confluence < 8.3.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.3.4`	—
Atlassian Bitbucket < 8.12.4 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.12.4`	—
Atlassian Bitbucket < 8.11.6 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.11.6`	—
Atlassian Jira Software Service Management < 4.20.28 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__4.20.28`	—
Atlassian Bitbucket < 8.14.2 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.14.2`	—
Atlassian Jira Software < 9.4.13 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:9.4.13`	—
Atlassian Bitbucket < 8.13.3 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.13.3`	—
Atlassian Confluence < 7.19.17 Atlassian / Confluence	`cpe:/a:atlassian:confluence:7.19.17`	—
Atlassian Jira Software Service Management < 5.4.12 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__5.4.12`	—

CVE-2023-42794

Affected products

Known affected 15 products

Product	Identifier	Version
Atlassian Confluence < 8.4.5 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.4.5`	—
Atlassian Confluence < 8.6.2 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.6.2`	—
Atlassian Confluence < 8.5.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.5.4`	—
Atlassian Bitbucket < 8.9.7 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.9.7`	—
Atlassian Confluence < 8.7.1 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.7.1`	—
Atlassian Bamboo < 9.2.7 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.2.7`	—
Atlassian Confluence < 8.3.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.3.4`	—
Atlassian Bitbucket < 8.12.4 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.12.4`	—
Atlassian Bitbucket < 8.11.6 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.11.6`	—
Atlassian Jira Software Service Management < 4.20.28 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__4.20.28`	—
Atlassian Bitbucket < 8.14.2 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.14.2`	—
Atlassian Jira Software < 9.4.13 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:9.4.13`	—
Atlassian Bitbucket < 8.13.3 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.13.3`	—
Atlassian Confluence < 7.19.17 Atlassian / Confluence	`cpe:/a:atlassian:confluence:7.19.17`	—
Atlassian Jira Software Service Management < 5.4.12 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__5.4.12`	—

CVE-2023-34396

Affected products

Known affected 15 products

Product	Identifier	Version
Atlassian Confluence < 8.4.5 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.4.5`	—
Atlassian Confluence < 8.6.2 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.6.2`	—
Atlassian Confluence < 8.5.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.5.4`	—
Atlassian Bitbucket < 8.9.7 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.9.7`	—
Atlassian Confluence < 8.7.1 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.7.1`	—
Atlassian Bamboo < 9.2.7 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.2.7`	—
Atlassian Confluence < 8.3.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.3.4`	—
Atlassian Bitbucket < 8.12.4 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.12.4`	—
Atlassian Bitbucket < 8.11.6 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.11.6`	—
Atlassian Jira Software Service Management < 4.20.28 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__4.20.28`	—
Atlassian Bitbucket < 8.14.2 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.14.2`	—
Atlassian Jira Software < 9.4.13 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:9.4.13`	—
Atlassian Bitbucket < 8.13.3 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.13.3`	—
Atlassian Confluence < 7.19.17 Atlassian / Confluence	`cpe:/a:atlassian:confluence:7.19.17`	—
Atlassian Jira Software Service Management < 5.4.12 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__5.4.12`	—

CVE-2023-2976

Affected products

Known affected 15 products

Product	Identifier	Version
Atlassian Confluence < 8.4.5 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.4.5`	—
Atlassian Confluence < 8.6.2 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.6.2`	—
Atlassian Confluence < 8.5.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.5.4`	—
Atlassian Bitbucket < 8.9.7 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.9.7`	—
Atlassian Confluence < 8.7.1 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.7.1`	—
Atlassian Bamboo < 9.2.7 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.2.7`	—
Atlassian Confluence < 8.3.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.3.4`	—
Atlassian Bitbucket < 8.12.4 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.12.4`	—
Atlassian Bitbucket < 8.11.6 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.11.6`	—
Atlassian Jira Software Service Management < 4.20.28 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__4.20.28`	—
Atlassian Bitbucket < 8.14.2 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.14.2`	—
Atlassian Jira Software < 9.4.13 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:9.4.13`	—
Atlassian Bitbucket < 8.13.3 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.13.3`	—
Atlassian Confluence < 7.19.17 Atlassian / Confluence	`cpe:/a:atlassian:confluence:7.19.17`	—
Atlassian Jira Software Service Management < 5.4.12 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__5.4.12`	—

CVE-2023-22521

Affected products

Known affected 15 products

Product	Identifier	Version
Atlassian Confluence < 8.4.5 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.4.5`	—
Atlassian Confluence < 8.6.2 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.6.2`	—
Atlassian Confluence < 8.5.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.5.4`	—
Atlassian Bitbucket < 8.9.7 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.9.7`	—
Atlassian Confluence < 8.7.1 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.7.1`	—
Atlassian Bamboo < 9.2.7 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.2.7`	—
Atlassian Confluence < 8.3.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.3.4`	—
Atlassian Bitbucket < 8.12.4 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.12.4`	—
Atlassian Bitbucket < 8.11.6 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.11.6`	—
Atlassian Jira Software Service Management < 4.20.28 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__4.20.28`	—
Atlassian Bitbucket < 8.14.2 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.14.2`	—
Atlassian Jira Software < 9.4.13 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:9.4.13`	—
Atlassian Bitbucket < 8.13.3 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.13.3`	—
Atlassian Confluence < 7.19.17 Atlassian / Confluence	`cpe:/a:atlassian:confluence:7.19.17`	—
Atlassian Jira Software Service Management < 5.4.12 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__5.4.12`	—

CVE-2023-22516

Affected products

Known affected 15 products

Product	Identifier	Version
Atlassian Confluence < 8.4.5 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.4.5`	—
Atlassian Confluence < 8.6.2 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.6.2`	—
Atlassian Confluence < 8.5.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.5.4`	—
Atlassian Bitbucket < 8.9.7 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.9.7`	—
Atlassian Confluence < 8.7.1 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.7.1`	—
Atlassian Bamboo < 9.2.7 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.2.7`	—
Atlassian Confluence < 8.3.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.3.4`	—
Atlassian Bitbucket < 8.12.4 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.12.4`	—
Atlassian Bitbucket < 8.11.6 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.11.6`	—
Atlassian Jira Software Service Management < 4.20.28 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__4.20.28`	—
Atlassian Bitbucket < 8.14.2 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.14.2`	—
Atlassian Jira Software < 9.4.13 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:9.4.13`	—
Atlassian Bitbucket < 8.13.3 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.13.3`	—
Atlassian Confluence < 7.19.17 Atlassian / Confluence	`cpe:/a:atlassian:confluence:7.19.17`	—
Atlassian Jira Software Service Management < 5.4.12 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__5.4.12`	—

CVE-2022-45143

Affected products

Known affected 15 products

Product	Identifier	Version
Atlassian Confluence < 8.4.5 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.4.5`	—
Atlassian Confluence < 8.6.2 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.6.2`	—
Atlassian Confluence < 8.5.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.5.4`	—
Atlassian Bitbucket < 8.9.7 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.9.7`	—
Atlassian Confluence < 8.7.1 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.7.1`	—
Atlassian Bamboo < 9.2.7 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.2.7`	—
Atlassian Confluence < 8.3.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.3.4`	—
Atlassian Bitbucket < 8.12.4 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.12.4`	—
Atlassian Bitbucket < 8.11.6 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.11.6`	—
Atlassian Jira Software Service Management < 4.20.28 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__4.20.28`	—
Atlassian Bitbucket < 8.14.2 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.14.2`	—
Atlassian Jira Software < 9.4.13 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:9.4.13`	—
Atlassian Bitbucket < 8.13.3 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.13.3`	—
Atlassian Confluence < 7.19.17 Atlassian / Confluence	`cpe:/a:atlassian:confluence:7.19.17`	—
Atlassian Jira Software Service Management < 5.4.12 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__5.4.12`	—

CVE-2022-42890

Affected products

Known affected 15 products

Product	Identifier	Version
Atlassian Confluence < 8.4.5 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.4.5`	—
Atlassian Confluence < 8.6.2 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.6.2`	—
Atlassian Confluence < 8.5.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.5.4`	—
Atlassian Bitbucket < 8.9.7 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.9.7`	—
Atlassian Confluence < 8.7.1 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.7.1`	—
Atlassian Bamboo < 9.2.7 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.2.7`	—
Atlassian Confluence < 8.3.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.3.4`	—
Atlassian Bitbucket < 8.12.4 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.12.4`	—
Atlassian Bitbucket < 8.11.6 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.11.6`	—
Atlassian Jira Software Service Management < 4.20.28 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__4.20.28`	—
Atlassian Bitbucket < 8.14.2 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.14.2`	—
Atlassian Jira Software < 9.4.13 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:9.4.13`	—
Atlassian Bitbucket < 8.13.3 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.13.3`	—
Atlassian Confluence < 7.19.17 Atlassian / Confluence	`cpe:/a:atlassian:confluence:7.19.17`	—
Atlassian Jira Software Service Management < 5.4.12 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__5.4.12`	—

CVE-2022-42252

Affected products

Known affected 15 products

Product	Identifier	Version
Atlassian Confluence < 8.4.5 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.4.5`	—
Atlassian Confluence < 8.6.2 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.6.2`	—
Atlassian Confluence < 8.5.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.5.4`	—
Atlassian Bitbucket < 8.9.7 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.9.7`	—
Atlassian Confluence < 8.7.1 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.7.1`	—
Atlassian Bamboo < 9.2.7 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.2.7`	—
Atlassian Confluence < 8.3.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.3.4`	—
Atlassian Bitbucket < 8.12.4 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.12.4`	—
Atlassian Bitbucket < 8.11.6 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.11.6`	—
Atlassian Jira Software Service Management < 4.20.28 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__4.20.28`	—
Atlassian Bitbucket < 8.14.2 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.14.2`	—
Atlassian Jira Software < 9.4.13 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:9.4.13`	—
Atlassian Bitbucket < 8.13.3 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.13.3`	—
Atlassian Confluence < 7.19.17 Atlassian / Confluence	`cpe:/a:atlassian:confluence:7.19.17`	—
Atlassian Jira Software Service Management < 5.4.12 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__5.4.12`	—

CVE-2022-42004

Affected products

Known affected 15 products

Product	Identifier	Version
Atlassian Confluence < 8.4.5 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.4.5`	—
Atlassian Confluence < 8.6.2 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.6.2`	—
Atlassian Confluence < 8.5.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.5.4`	—
Atlassian Bitbucket < 8.9.7 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.9.7`	—
Atlassian Confluence < 8.7.1 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.7.1`	—
Atlassian Bamboo < 9.2.7 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.2.7`	—
Atlassian Confluence < 8.3.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.3.4`	—
Atlassian Bitbucket < 8.12.4 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.12.4`	—
Atlassian Bitbucket < 8.11.6 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.11.6`	—
Atlassian Jira Software Service Management < 4.20.28 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__4.20.28`	—
Atlassian Bitbucket < 8.14.2 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.14.2`	—
Atlassian Jira Software < 9.4.13 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:9.4.13`	—
Atlassian Bitbucket < 8.13.3 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.13.3`	—
Atlassian Confluence < 7.19.17 Atlassian / Confluence	`cpe:/a:atlassian:confluence:7.19.17`	—
Atlassian Jira Software Service Management < 5.4.12 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__5.4.12`	—

CVE-2022-42003

Affected products

Known affected 15 products

Product	Identifier	Version
Atlassian Confluence < 8.4.5 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.4.5`	—
Atlassian Confluence < 8.6.2 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.6.2`	—
Atlassian Confluence < 8.5.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.5.4`	—
Atlassian Bitbucket < 8.9.7 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.9.7`	—
Atlassian Confluence < 8.7.1 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.7.1`	—
Atlassian Bamboo < 9.2.7 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.2.7`	—
Atlassian Confluence < 8.3.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.3.4`	—
Atlassian Bitbucket < 8.12.4 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.12.4`	—
Atlassian Bitbucket < 8.11.6 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.11.6`	—
Atlassian Jira Software Service Management < 4.20.28 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__4.20.28`	—
Atlassian Bitbucket < 8.14.2 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.14.2`	—
Atlassian Jira Software < 9.4.13 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:9.4.13`	—
Atlassian Bitbucket < 8.13.3 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.13.3`	—
Atlassian Confluence < 7.19.17 Atlassian / Confluence	`cpe:/a:atlassian:confluence:7.19.17`	—
Atlassian Jira Software Service Management < 5.4.12 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__5.4.12`	—

CVE-2022-41704

Affected products

Known affected 15 products

Product	Identifier	Version
Atlassian Confluence < 8.4.5 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.4.5`	—
Atlassian Confluence < 8.6.2 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.6.2`	—
Atlassian Confluence < 8.5.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.5.4`	—
Atlassian Bitbucket < 8.9.7 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.9.7`	—
Atlassian Confluence < 8.7.1 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.7.1`	—
Atlassian Bamboo < 9.2.7 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.2.7`	—
Atlassian Confluence < 8.3.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.3.4`	—
Atlassian Bitbucket < 8.12.4 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.12.4`	—
Atlassian Bitbucket < 8.11.6 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.11.6`	—
Atlassian Jira Software Service Management < 4.20.28 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__4.20.28`	—
Atlassian Bitbucket < 8.14.2 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.14.2`	—
Atlassian Jira Software < 9.4.13 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:9.4.13`	—
Atlassian Bitbucket < 8.13.3 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.13.3`	—
Atlassian Confluence < 7.19.17 Atlassian / Confluence	`cpe:/a:atlassian:confluence:7.19.17`	—
Atlassian Jira Software Service Management < 5.4.12 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__5.4.12`	—

CVE-2022-40146

Affected products

Known affected 15 products

Product	Identifier	Version
Atlassian Confluence < 8.4.5 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.4.5`	—
Atlassian Confluence < 8.6.2 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.6.2`	—
Atlassian Confluence < 8.5.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.5.4`	—
Atlassian Bitbucket < 8.9.7 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.9.7`	—
Atlassian Confluence < 8.7.1 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.7.1`	—
Atlassian Bamboo < 9.2.7 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.2.7`	—
Atlassian Confluence < 8.3.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.3.4`	—
Atlassian Bitbucket < 8.12.4 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.12.4`	—
Atlassian Bitbucket < 8.11.6 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.11.6`	—
Atlassian Jira Software Service Management < 4.20.28 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__4.20.28`	—
Atlassian Bitbucket < 8.14.2 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.14.2`	—
Atlassian Jira Software < 9.4.13 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:9.4.13`	—
Atlassian Bitbucket < 8.13.3 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.13.3`	—
Atlassian Confluence < 7.19.17 Atlassian / Confluence	`cpe:/a:atlassian:confluence:7.19.17`	—
Atlassian Jira Software Service Management < 5.4.12 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__5.4.12`	—

CVE-2022-28366

Affected products

Known affected 15 products

Product	Identifier	Version
Atlassian Confluence < 8.4.5 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.4.5`	—
Atlassian Confluence < 8.6.2 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.6.2`	—
Atlassian Confluence < 8.5.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.5.4`	—
Atlassian Bitbucket < 8.9.7 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.9.7`	—
Atlassian Confluence < 8.7.1 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.7.1`	—
Atlassian Bamboo < 9.2.7 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.2.7`	—
Atlassian Confluence < 8.3.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.3.4`	—
Atlassian Bitbucket < 8.12.4 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.12.4`	—
Atlassian Bitbucket < 8.11.6 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.11.6`	—
Atlassian Jira Software Service Management < 4.20.28 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__4.20.28`	—
Atlassian Bitbucket < 8.14.2 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.14.2`	—
Atlassian Jira Software < 9.4.13 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:9.4.13`	—
Atlassian Bitbucket < 8.13.3 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.13.3`	—
Atlassian Confluence < 7.19.17 Atlassian / Confluence	`cpe:/a:atlassian:confluence:7.19.17`	—
Atlassian Jira Software Service Management < 5.4.12 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__5.4.12`	—

CVE-2022-25647

Affected products

Known affected 15 products

Product	Identifier	Version
Atlassian Confluence < 8.4.5 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.4.5`	—
Atlassian Confluence < 8.6.2 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.6.2`	—
Atlassian Confluence < 8.5.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.5.4`	—
Atlassian Bitbucket < 8.9.7 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.9.7`	—
Atlassian Confluence < 8.7.1 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.7.1`	—
Atlassian Bamboo < 9.2.7 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.2.7`	—
Atlassian Confluence < 8.3.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.3.4`	—
Atlassian Bitbucket < 8.12.4 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.12.4`	—
Atlassian Bitbucket < 8.11.6 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.11.6`	—
Atlassian Jira Software Service Management < 4.20.28 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__4.20.28`	—
Atlassian Bitbucket < 8.14.2 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.14.2`	—
Atlassian Jira Software < 9.4.13 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:9.4.13`	—
Atlassian Bitbucket < 8.13.3 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.13.3`	—
Atlassian Confluence < 7.19.17 Atlassian / Confluence	`cpe:/a:atlassian:confluence:7.19.17`	—
Atlassian Jira Software Service Management < 5.4.12 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__5.4.12`	—

CVE-2021-46877

Affected products

Known affected 15 products

Product	Identifier	Version
Atlassian Confluence < 8.4.5 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.4.5`	—
Atlassian Confluence < 8.6.2 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.6.2`	—
Atlassian Confluence < 8.5.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.5.4`	—
Atlassian Bitbucket < 8.9.7 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.9.7`	—
Atlassian Confluence < 8.7.1 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.7.1`	—
Atlassian Bamboo < 9.2.7 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.2.7`	—
Atlassian Confluence < 8.3.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.3.4`	—
Atlassian Bitbucket < 8.12.4 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.12.4`	—
Atlassian Bitbucket < 8.11.6 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.11.6`	—
Atlassian Jira Software Service Management < 4.20.28 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__4.20.28`	—
Atlassian Bitbucket < 8.14.2 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.14.2`	—
Atlassian Jira Software < 9.4.13 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:9.4.13`	—
Atlassian Bitbucket < 8.13.3 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.13.3`	—
Atlassian Confluence < 7.19.17 Atlassian / Confluence	`cpe:/a:atlassian:confluence:7.19.17`	—
Atlassian Jira Software Service Management < 5.4.12 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__5.4.12`	—

CVE-2021-40690

Affected products

Known affected 15 products

Product	Identifier	Version
Atlassian Confluence < 8.4.5 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.4.5`	—
Atlassian Confluence < 8.6.2 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.6.2`	—
Atlassian Confluence < 8.5.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.5.4`	—
Atlassian Bitbucket < 8.9.7 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.9.7`	—
Atlassian Confluence < 8.7.1 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.7.1`	—
Atlassian Bamboo < 9.2.7 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.2.7`	—
Atlassian Confluence < 8.3.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.3.4`	—
Atlassian Bitbucket < 8.12.4 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.12.4`	—
Atlassian Bitbucket < 8.11.6 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.11.6`	—
Atlassian Jira Software Service Management < 4.20.28 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__4.20.28`	—
Atlassian Bitbucket < 8.14.2 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.14.2`	—
Atlassian Jira Software < 9.4.13 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:9.4.13`	—
Atlassian Bitbucket < 8.13.3 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.13.3`	—
Atlassian Confluence < 7.19.17 Atlassian / Confluence	`cpe:/a:atlassian:confluence:7.19.17`	—
Atlassian Jira Software Service Management < 5.4.12 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__5.4.12`	—

CVE-2021-37714

Affected products

Known affected 15 products

Product	Identifier	Version
Atlassian Confluence < 8.4.5 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.4.5`	—
Atlassian Confluence < 8.6.2 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.6.2`	—
Atlassian Confluence < 8.5.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.5.4`	—
Atlassian Bitbucket < 8.9.7 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.9.7`	—
Atlassian Confluence < 8.7.1 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.7.1`	—
Atlassian Bamboo < 9.2.7 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.2.7`	—
Atlassian Confluence < 8.3.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.3.4`	—
Atlassian Bitbucket < 8.12.4 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.12.4`	—
Atlassian Bitbucket < 8.11.6 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.11.6`	—
Atlassian Jira Software Service Management < 4.20.28 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__4.20.28`	—
Atlassian Bitbucket < 8.14.2 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.14.2`	—
Atlassian Jira Software < 9.4.13 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:9.4.13`	—
Atlassian Bitbucket < 8.13.3 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.13.3`	—
Atlassian Confluence < 7.19.17 Atlassian / Confluence	`cpe:/a:atlassian:confluence:7.19.17`	—
Atlassian Jira Software Service Management < 5.4.12 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__5.4.12`	—

CVE-2021-28165

Affected products

Known affected 15 products

Product	Identifier	Version
Atlassian Confluence < 8.4.5 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.4.5`	—
Atlassian Confluence < 8.6.2 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.6.2`	—
Atlassian Confluence < 8.5.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.5.4`	—
Atlassian Bitbucket < 8.9.7 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.9.7`	—
Atlassian Confluence < 8.7.1 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.7.1`	—
Atlassian Bamboo < 9.2.7 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.2.7`	—
Atlassian Confluence < 8.3.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.3.4`	—
Atlassian Bitbucket < 8.12.4 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.12.4`	—
Atlassian Bitbucket < 8.11.6 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.11.6`	—
Atlassian Jira Software Service Management < 4.20.28 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__4.20.28`	—
Atlassian Bitbucket < 8.14.2 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.14.2`	—
Atlassian Jira Software < 9.4.13 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:9.4.13`	—
Atlassian Bitbucket < 8.13.3 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.13.3`	—
Atlassian Confluence < 7.19.17 Atlassian / Confluence	`cpe:/a:atlassian:confluence:7.19.17`	—
Atlassian Jira Software Service Management < 5.4.12 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__5.4.12`	—

CVE-2020-36518

Affected products

Known affected 15 products

Product	Identifier	Version
Atlassian Confluence < 8.4.5 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.4.5`	—
Atlassian Confluence < 8.6.2 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.6.2`	—
Atlassian Confluence < 8.5.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.5.4`	—
Atlassian Bitbucket < 8.9.7 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.9.7`	—
Atlassian Confluence < 8.7.1 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.7.1`	—
Atlassian Bamboo < 9.2.7 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.2.7`	—
Atlassian Confluence < 8.3.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.3.4`	—
Atlassian Bitbucket < 8.12.4 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.12.4`	—
Atlassian Bitbucket < 8.11.6 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.11.6`	—
Atlassian Jira Software Service Management < 4.20.28 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__4.20.28`	—
Atlassian Bitbucket < 8.14.2 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.14.2`	—
Atlassian Jira Software < 9.4.13 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:9.4.13`	—
Atlassian Bitbucket < 8.13.3 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.13.3`	—
Atlassian Confluence < 7.19.17 Atlassian / Confluence	`cpe:/a:atlassian:confluence:7.19.17`	—
Atlassian Jira Software Service Management < 5.4.12 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__5.4.12`	—

CVE-2017-9735

Affected products

Known affected 15 products

Product	Identifier	Version
Atlassian Confluence < 8.4.5 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.4.5`	—
Atlassian Confluence < 8.6.2 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.6.2`	—
Atlassian Confluence < 8.5.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.5.4`	—
Atlassian Bitbucket < 8.9.7 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.9.7`	—
Atlassian Confluence < 8.7.1 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.7.1`	—
Atlassian Bamboo < 9.2.7 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.2.7`	—
Atlassian Confluence < 8.3.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.3.4`	—
Atlassian Bitbucket < 8.12.4 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.12.4`	—
Atlassian Bitbucket < 8.11.6 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.11.6`	—
Atlassian Jira Software Service Management < 4.20.28 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__4.20.28`	—
Atlassian Bitbucket < 8.14.2 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.14.2`	—
Atlassian Jira Software < 9.4.13 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:9.4.13`	—
Atlassian Bitbucket < 8.13.3 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.13.3`	—
Atlassian Confluence < 7.19.17 Atlassian / Confluence	`cpe:/a:atlassian:confluence:7.19.17`	—
Atlassian Jira Software Service Management < 5.4.12 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__5.4.12`	—

CVE-2017-7656

Affected products

Known affected 15 products

Product	Identifier	Version
Atlassian Confluence < 8.4.5 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.4.5`	—
Atlassian Confluence < 8.6.2 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.6.2`	—
Atlassian Confluence < 8.5.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.5.4`	—
Atlassian Bitbucket < 8.9.7 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.9.7`	—
Atlassian Confluence < 8.7.1 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.7.1`	—
Atlassian Bamboo < 9.2.7 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.2.7`	—
Atlassian Confluence < 8.3.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.3.4`	—
Atlassian Bitbucket < 8.12.4 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.12.4`	—
Atlassian Bitbucket < 8.11.6 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.11.6`	—
Atlassian Jira Software Service Management < 4.20.28 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__4.20.28`	—
Atlassian Bitbucket < 8.14.2 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.14.2`	—
Atlassian Jira Software < 9.4.13 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:9.4.13`	—
Atlassian Bitbucket < 8.13.3 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.13.3`	—
Atlassian Confluence < 7.19.17 Atlassian / Confluence	`cpe:/a:atlassian:confluence:7.19.17`	—
Atlassian Jira Software Service Management < 5.4.12 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__5.4.12`	—

References

4 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://confluence.atlassian.com/security/securit…	external
https://confluence.atlassian.com/security/securit…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Bamboo ist ein Werkzeug zur kontinuierlichen Integration und Bereitstellung, das automatisierte Builds, Tests und Freigaben in einem einzigen Arbeitsablauf verbindet.\r\nBitbucket ist ein Git-Server zur Sourcecode-Versionskontrolle.\r\nConfluence ist eine kommerzielle Wiki-Software.\r\nJira ist eine Webanwendung zur Softwareentwicklung.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- MacOS X\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-2993 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2993.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-2993 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2993"
      },
      {
        "category": "external",
        "summary": "Atlassian Security Bulletin vom 2023-11-21",
        "url": "https://confluence.atlassian.com/security/security-bulletin-november-21-2023-1318881573.html"
      },
      {
        "category": "external",
        "summary": "Atlassian Security Bulletin December 12 2023 vom 2023-12-12",
        "url": "https://confluence.atlassian.com/security/security-bulletin-december-12-2023-1319249520.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence and Atlassian Jira Software: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-12-12T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:01:59.515+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-2993",
      "initial_release_date": "2023-11-21T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-11-21T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-11-23T23:00:00.000+00:00",
          "number": "2",
          "summary": "Bewertung angepasst"
        },
        {
          "date": "2023-12-12T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates aufgenommen"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Atlassian Bamboo \u003c 9.2.7",
                "product": {
                  "name": "Atlassian Bamboo \u003c 9.2.7",
                  "product_id": "1529586",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bamboo:9.2.7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Atlassian Bamboo \u003c 9.2.7",
                "product": {
                  "name": "Atlassian Bamboo \u003c 9.2.7",
                  "product_id": "T031322",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bamboo:9.2.7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Atlassian Bamboo \u003c 9.3.4",
                "product": {
                  "name": "Atlassian Bamboo \u003c 9.3.4",
                  "product_id": "T031323",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bamboo:9.3.4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Atlassian Bamboo \u003c 9.3.5",
                "product": {
                  "name": "Atlassian Bamboo \u003c 9.3.5",
                  "product_id": "T031324",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bamboo:9.3.5"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Bamboo"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Atlassian Bitbucket \u003c 7.21.18",
                "product": {
                  "name": "Atlassian Bitbucket \u003c 7.21.18",
                  "product_id": "T031325",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bitbucket:7.21.18"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Atlassian Bitbucket \u003c 8.9.7",
                "product": {
                  "name": "Atlassian Bitbucket \u003c 8.9.7",
                  "product_id": "T031614",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bitbucket:8.9.7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Atlassian Bitbucket \u003c 8.11.6",
                "product": {
                  "name": "Atlassian Bitbucket \u003c 8.11.6",
                  "product_id": "T031615",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bitbucket:8.11.6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Atlassian Bitbucket \u003c 8.12.4",
                "product": {
                  "name": "Atlassian Bitbucket \u003c 8.12.4",
                  "product_id": "T031616",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bitbucket:8.12.4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Atlassian Bitbucket \u003c 8.13.3",
                "product": {
                  "name": "Atlassian Bitbucket \u003c 8.13.3",
                  "product_id": "T031617",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bitbucket:8.13.3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Atlassian Bitbucket \u003c 8.14.2",
                "product": {
                  "name": "Atlassian Bitbucket \u003c 8.14.2",
                  "product_id": "T031618",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bitbucket:8.14.2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Bitbucket"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Atlassian Confluence \u003c 8.3.4",
                "product": {
                  "name": "Atlassian Confluence \u003c 8.3.4",
                  "product_id": "T030846",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:8.3.4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Atlassian Confluence \u003c 8.6.1",
                "product": {
                  "name": "Atlassian Confluence \u003c 8.6.1",
                  "product_id": "T031326",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:8.6.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Atlassian Confluence \u003c 7.19.17",
                "product": {
                  "name": "Atlassian Confluence \u003c 7.19.17",
                  "product_id": "T031609",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:7.19.17"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Atlassian Confluence \u003c 8.4.5",
                "product": {
                  "name": "Atlassian Confluence \u003c 8.4.5",
                  "product_id": "T031610",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:8.4.5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Atlassian Confluence \u003c 8.5.4",
                "product": {
                  "name": "Atlassian Confluence \u003c 8.5.4",
                  "product_id": "T031611",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:8.5.4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Atlassian Confluence \u003c 8.6.2",
                "product": {
                  "name": "Atlassian Confluence \u003c 8.6.2",
                  "product_id": "T031612",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:8.6.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Atlassian Confluence \u003c 8.7.1",
                "product": {
                  "name": "Atlassian Confluence \u003c 8.7.1",
                  "product_id": "T031613",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:8.7.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Confluence"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Atlassian Jira Software \u003c 9.11.3",
                "product": {
                  "name": "Atlassian Jira Software \u003c 9.11.3",
                  "product_id": "T031327",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:jira_software:9.11.3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Atlassian Jira Software \u003c 9.4.13",
                "product": {
                  "name": "Atlassian Jira Software \u003c 9.4.13",
                  "product_id": "T031606",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:jira_software:9.4.13"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Atlassian Jira Software Service Management \u003c 4.20.28",
                "product": {
                  "name": "Atlassian Jira Software Service Management \u003c 4.20.28",
                  "product_id": "T031607",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:jira_software:service_management__4.20.28"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Atlassian Jira Software Service Management \u003c 5.4.12",
                "product": {
                  "name": "Atlassian Jira Software Service Management \u003c 5.4.12",
                  "product_id": "T031608",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:jira_software:service_management__5.4.12"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Jira Software"
          }
        ],
        "category": "vendor",
        "name": "Atlassian"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-44487",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031610",
          "T031612",
          "T031611",
          "T031614",
          "T031613",
          "1529586",
          "T030846",
          "T031616",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031608"
        ]
      },
      "release_date": "2023-11-21T23:00:00.000+00:00",
      "title": "CVE-2023-44487"
    },
    {
      "cve": "CVE-2023-42794",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031610",
          "T031612",
          "T031611",
          "T031614",
          "T031613",
          "1529586",
          "T030846",
          "T031616",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031608"
        ]
      },
      "release_date": "2023-11-21T23:00:00.000+00:00",
      "title": "CVE-2023-42794"
    },
    {
      "cve": "CVE-2023-34396",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031610",
          "T031612",
          "T031611",
          "T031614",
          "T031613",
          "1529586",
          "T030846",
          "T031616",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031608"
        ]
      },
      "release_date": "2023-11-21T23:00:00.000+00:00",
      "title": "CVE-2023-34396"
    },
    {
      "cve": "CVE-2023-2976",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031610",
          "T031612",
          "T031611",
          "T031614",
          "T031613",
          "1529586",
          "T030846",
          "T031616",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031608"
        ]
      },
      "release_date": "2023-11-21T23:00:00.000+00:00",
      "title": "CVE-2023-2976"
    },
    {
      "cve": "CVE-2023-22521",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031610",
          "T031612",
          "T031611",
          "T031614",
          "T031613",
          "1529586",
          "T030846",
          "T031616",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031608"
        ]
      },
      "release_date": "2023-11-21T23:00:00.000+00:00",
      "title": "CVE-2023-22521"
    },
    {
      "cve": "CVE-2023-22516",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031610",
          "T031612",
          "T031611",
          "T031614",
          "T031613",
          "1529586",
          "T030846",
          "T031616",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031608"
        ]
      },
      "release_date": "2023-11-21T23:00:00.000+00:00",
      "title": "CVE-2023-22516"
    },
    {
      "cve": "CVE-2022-45143",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031610",
          "T031612",
          "T031611",
          "T031614",
          "T031613",
          "1529586",
          "T030846",
          "T031616",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031608"
        ]
      },
      "release_date": "2023-11-21T23:00:00.000+00:00",
      "title": "CVE-2022-45143"
    },
    {
      "cve": "CVE-2022-42890",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031610",
          "T031612",
          "T031611",
          "T031614",
          "T031613",
          "1529586",
          "T030846",
          "T031616",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031608"
        ]
      },
      "release_date": "2023-11-21T23:00:00.000+00:00",
      "title": "CVE-2022-42890"
    },
    {
      "cve": "CVE-2022-42252",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031610",
          "T031612",
          "T031611",
          "T031614",
          "T031613",
          "1529586",
          "T030846",
          "T031616",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031608"
        ]
      },
      "release_date": "2023-11-21T23:00:00.000+00:00",
      "title": "CVE-2022-42252"
    },
    {
      "cve": "CVE-2022-42004",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031610",
          "T031612",
          "T031611",
          "T031614",
          "T031613",
          "1529586",
          "T030846",
          "T031616",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031608"
        ]
      },
      "release_date": "2023-11-21T23:00:00.000+00:00",
      "title": "CVE-2022-42004"
    },
    {
      "cve": "CVE-2022-42003",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031610",
          "T031612",
          "T031611",
          "T031614",
          "T031613",
          "1529586",
          "T030846",
          "T031616",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031608"
        ]
      },
      "release_date": "2023-11-21T23:00:00.000+00:00",
      "title": "CVE-2022-42003"
    },
    {
      "cve": "CVE-2022-41704",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031610",
          "T031612",
          "T031611",
          "T031614",
          "T031613",
          "1529586",
          "T030846",
          "T031616",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031608"
        ]
      },
      "release_date": "2023-11-21T23:00:00.000+00:00",
      "title": "CVE-2022-41704"
    },
    {
      "cve": "CVE-2022-40146",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031610",
          "T031612",
          "T031611",
          "T031614",
          "T031613",
          "1529586",
          "T030846",
          "T031616",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031608"
        ]
      },
      "release_date": "2023-11-21T23:00:00.000+00:00",
      "title": "CVE-2022-40146"
    },
    {
      "cve": "CVE-2022-28366",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031610",
          "T031612",
          "T031611",
          "T031614",
          "T031613",
          "1529586",
          "T030846",
          "T031616",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031608"
        ]
      },
      "release_date": "2023-11-21T23:00:00.000+00:00",
      "title": "CVE-2022-28366"
    },
    {
      "cve": "CVE-2022-25647",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031610",
          "T031612",
          "T031611",
          "T031614",
          "T031613",
          "1529586",
          "T030846",
          "T031616",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031608"
        ]
      },
      "release_date": "2023-11-21T23:00:00.000+00:00",
      "title": "CVE-2022-25647"
    },
    {
      "cve": "CVE-2021-46877",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031610",
          "T031612",
          "T031611",
          "T031614",
          "T031613",
          "1529586",
          "T030846",
          "T031616",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031608"
        ]
      },
      "release_date": "2023-11-21T23:00:00.000+00:00",
      "title": "CVE-2021-46877"
    },
    {
      "cve": "CVE-2021-40690",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031610",
          "T031612",
          "T031611",
          "T031614",
          "T031613",
          "1529586",
          "T030846",
          "T031616",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031608"
        ]
      },
      "release_date": "2023-11-21T23:00:00.000+00:00",
      "title": "CVE-2021-40690"
    },
    {
      "cve": "CVE-2021-37714",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031610",
          "T031612",
          "T031611",
          "T031614",
          "T031613",
          "1529586",
          "T030846",
          "T031616",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031608"
        ]
      },
      "release_date": "2023-11-21T23:00:00.000+00:00",
      "title": "CVE-2021-37714"
    },
    {
      "cve": "CVE-2021-28165",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031610",
          "T031612",
          "T031611",
          "T031614",
          "T031613",
          "1529586",
          "T030846",
          "T031616",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031608"
        ]
      },
      "release_date": "2023-11-21T23:00:00.000+00:00",
      "title": "CVE-2021-28165"
    },
    {
      "cve": "CVE-2020-36518",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031610",
          "T031612",
          "T031611",
          "T031614",
          "T031613",
          "1529586",
          "T030846",
          "T031616",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031608"
        ]
      },
      "release_date": "2023-11-21T23:00:00.000+00:00",
      "title": "CVE-2020-36518"
    },
    {
      "cve": "CVE-2017-9735",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031610",
          "T031612",
          "T031611",
          "T031614",
          "T031613",
          "1529586",
          "T030846",
          "T031616",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031608"
        ]
      },
      "release_date": "2023-11-21T23:00:00.000+00:00",
      "title": "CVE-2017-9735"
    },
    {
      "cve": "CVE-2017-7656",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031610",
          "T031612",
          "T031611",
          "T031614",
          "T031613",
          "1529586",
          "T030846",
          "T031616",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031608"
        ]
      },
      "release_date": "2023-11-21T23:00:00.000+00:00",
      "title": "CVE-2017-7656"
    }
  ]
}

WID-SEC-W-2024-0671

Vulnerability from csaf_certbund - Published: 2024-03-19 23:00 - Updated: 2024-11-24 23:00

Summary

Atlassian Jira Software: Mehrere Schwachstellen ermöglichen Codeausführung und DoS

Severity

Hoch

Notes

Produktbeschreibung: Jira ist eine Webanwendung zur Softwareentwicklung.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in der Atlassian Jira Software ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.

Betroffene Betriebssysteme: - Linux - MacOS X - Windows

CVE-2022-24839

Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.

Affected products

Known affected 5 products

Product	Identifier	Version	Remediation
Atlassian Jira Software Data Center and Server <9.4.18 Atlassian / Jira Software		Data Center and Server <9.4.18
Atlassian Jira Software Data Center and Server <9.14.1 Atlassian / Jira Software		Data Center and Server <9.14.1
Atlassian Jira Software Data Center and Server <9.13.1 Atlassian / Jira Software		Data Center and Server <9.13.1
Atlassian Jira Software Data Center and Server <9.12.5 Atlassian / Jira Software		Data Center and Server <9.12.5
Atlassian Jira Software Data Center <9.14.0 Atlassian / Jira Software		Data Center <9.14.0

CVE-2022-28366

Affected products

Known affected 5 products

Product	Identifier	Version	Remediation
Atlassian Jira Software Data Center and Server <9.4.18 Atlassian / Jira Software		Data Center and Server <9.4.18
Atlassian Jira Software Data Center and Server <9.14.1 Atlassian / Jira Software		Data Center and Server <9.14.1
Atlassian Jira Software Data Center and Server <9.13.1 Atlassian / Jira Software		Data Center and Server <9.13.1
Atlassian Jira Software Data Center and Server <9.12.5 Atlassian / Jira Software		Data Center and Server <9.12.5
Atlassian Jira Software Data Center <9.14.0 Atlassian / Jira Software		Data Center <9.14.0

CVE-2022-29546

Affected products

Known affected 5 products

Product	Identifier	Version	Remediation
Atlassian Jira Software Data Center and Server <9.4.18 Atlassian / Jira Software		Data Center and Server <9.4.18
Atlassian Jira Software Data Center and Server <9.14.1 Atlassian / Jira Software		Data Center and Server <9.14.1
Atlassian Jira Software Data Center and Server <9.13.1 Atlassian / Jira Software		Data Center and Server <9.13.1
Atlassian Jira Software Data Center and Server <9.12.5 Atlassian / Jira Software		Data Center and Server <9.12.5
Atlassian Jira Software Data Center <9.14.0 Atlassian / Jira Software		Data Center <9.14.0

CVE-2022-3171

Affected products

Known affected 5 products

Product	Identifier	Version	Remediation
Atlassian Jira Software Data Center and Server <9.4.18 Atlassian / Jira Software		Data Center and Server <9.4.18
Atlassian Jira Software Data Center and Server <9.14.1 Atlassian / Jira Software		Data Center and Server <9.14.1
Atlassian Jira Software Data Center and Server <9.13.1 Atlassian / Jira Software		Data Center and Server <9.13.1
Atlassian Jira Software Data Center and Server <9.12.5 Atlassian / Jira Software		Data Center and Server <9.12.5
Atlassian Jira Software Data Center <9.14.0 Atlassian / Jira Software		Data Center <9.14.0

CVE-2022-34169

Affected products

Known affected 5 products

Product	Identifier	Version	Remediation
Atlassian Jira Software Data Center and Server <9.4.18 Atlassian / Jira Software		Data Center and Server <9.4.18
Atlassian Jira Software Data Center and Server <9.14.1 Atlassian / Jira Software		Data Center and Server <9.14.1
Atlassian Jira Software Data Center and Server <9.13.1 Atlassian / Jira Software		Data Center and Server <9.13.1
Atlassian Jira Software Data Center and Server <9.12.5 Atlassian / Jira Software		Data Center and Server <9.12.5
Atlassian Jira Software Data Center <9.14.0 Atlassian / Jira Software		Data Center <9.14.0

CVE-2022-3509

Affected products

Known affected 5 products

Product	Identifier	Version	Remediation
Atlassian Jira Software Data Center and Server <9.4.18 Atlassian / Jira Software		Data Center and Server <9.4.18
Atlassian Jira Software Data Center and Server <9.14.1 Atlassian / Jira Software		Data Center and Server <9.14.1
Atlassian Jira Software Data Center and Server <9.13.1 Atlassian / Jira Software		Data Center and Server <9.13.1
Atlassian Jira Software Data Center and Server <9.12.5 Atlassian / Jira Software		Data Center and Server <9.12.5
Atlassian Jira Software Data Center <9.14.0 Atlassian / Jira Software		Data Center <9.14.0

CVE-2022-40146

Affected products

Known affected 5 products

Product	Identifier	Version	Remediation
Atlassian Jira Software Data Center and Server <9.4.18 Atlassian / Jira Software		Data Center and Server <9.4.18
Atlassian Jira Software Data Center and Server <9.14.1 Atlassian / Jira Software		Data Center and Server <9.14.1
Atlassian Jira Software Data Center and Server <9.13.1 Atlassian / Jira Software		Data Center and Server <9.13.1
Atlassian Jira Software Data Center and Server <9.12.5 Atlassian / Jira Software		Data Center and Server <9.12.5
Atlassian Jira Software Data Center <9.14.0 Atlassian / Jira Software		Data Center <9.14.0

CVE-2022-40149

Affected products

Known affected 5 products

Product	Identifier	Version	Remediation
Atlassian Jira Software Data Center and Server <9.4.18 Atlassian / Jira Software		Data Center and Server <9.4.18
Atlassian Jira Software Data Center and Server <9.14.1 Atlassian / Jira Software		Data Center and Server <9.14.1
Atlassian Jira Software Data Center and Server <9.13.1 Atlassian / Jira Software		Data Center and Server <9.13.1
Atlassian Jira Software Data Center and Server <9.12.5 Atlassian / Jira Software		Data Center and Server <9.12.5
Atlassian Jira Software Data Center <9.14.0 Atlassian / Jira Software		Data Center <9.14.0

CVE-2022-40150

Affected products

Known affected 5 products

Product	Identifier	Version	Remediation
Atlassian Jira Software Data Center and Server <9.4.18 Atlassian / Jira Software		Data Center and Server <9.4.18
Atlassian Jira Software Data Center and Server <9.14.1 Atlassian / Jira Software		Data Center and Server <9.14.1
Atlassian Jira Software Data Center and Server <9.13.1 Atlassian / Jira Software		Data Center and Server <9.13.1
Atlassian Jira Software Data Center and Server <9.12.5 Atlassian / Jira Software		Data Center and Server <9.12.5
Atlassian Jira Software Data Center <9.14.0 Atlassian / Jira Software		Data Center <9.14.0

CVE-2022-41704

Affected products

Known affected 5 products

Product	Identifier	Version	Remediation
Atlassian Jira Software Data Center and Server <9.4.18 Atlassian / Jira Software		Data Center and Server <9.4.18
Atlassian Jira Software Data Center and Server <9.14.1 Atlassian / Jira Software		Data Center and Server <9.14.1
Atlassian Jira Software Data Center and Server <9.13.1 Atlassian / Jira Software		Data Center and Server <9.13.1
Atlassian Jira Software Data Center and Server <9.12.5 Atlassian / Jira Software		Data Center and Server <9.12.5
Atlassian Jira Software Data Center <9.14.0 Atlassian / Jira Software		Data Center <9.14.0

CVE-2022-42890

Affected products

Known affected 5 products

Product	Identifier	Version	Remediation
Atlassian Jira Software Data Center and Server <9.4.18 Atlassian / Jira Software		Data Center and Server <9.4.18
Atlassian Jira Software Data Center and Server <9.14.1 Atlassian / Jira Software		Data Center and Server <9.14.1
Atlassian Jira Software Data Center and Server <9.13.1 Atlassian / Jira Software		Data Center and Server <9.13.1
Atlassian Jira Software Data Center and Server <9.12.5 Atlassian / Jira Software		Data Center and Server <9.12.5
Atlassian Jira Software Data Center <9.14.0 Atlassian / Jira Software		Data Center <9.14.0

CVE-2022-45685

Affected products

Known affected 5 products

Product	Identifier	Version	Remediation
Atlassian Jira Software Data Center and Server <9.4.18 Atlassian / Jira Software		Data Center and Server <9.4.18
Atlassian Jira Software Data Center and Server <9.14.1 Atlassian / Jira Software		Data Center and Server <9.14.1
Atlassian Jira Software Data Center and Server <9.13.1 Atlassian / Jira Software		Data Center and Server <9.13.1
Atlassian Jira Software Data Center and Server <9.12.5 Atlassian / Jira Software		Data Center and Server <9.12.5
Atlassian Jira Software Data Center <9.14.0 Atlassian / Jira Software		Data Center <9.14.0

CVE-2022-45688

Affected products

Known affected 5 products

Product	Identifier	Version	Remediation
Atlassian Jira Software Data Center and Server <9.4.18 Atlassian / Jira Software		Data Center and Server <9.4.18
Atlassian Jira Software Data Center and Server <9.14.1 Atlassian / Jira Software		Data Center and Server <9.14.1
Atlassian Jira Software Data Center and Server <9.13.1 Atlassian / Jira Software		Data Center and Server <9.13.1
Atlassian Jira Software Data Center and Server <9.12.5 Atlassian / Jira Software		Data Center and Server <9.12.5
Atlassian Jira Software Data Center <9.14.0 Atlassian / Jira Software		Data Center <9.14.0

CVE-2023-1436

Affected products

Known affected 5 products

Product	Identifier	Version	Remediation
Atlassian Jira Software Data Center and Server <9.4.18 Atlassian / Jira Software		Data Center and Server <9.4.18
Atlassian Jira Software Data Center and Server <9.14.1 Atlassian / Jira Software		Data Center and Server <9.14.1
Atlassian Jira Software Data Center and Server <9.13.1 Atlassian / Jira Software		Data Center and Server <9.13.1
Atlassian Jira Software Data Center and Server <9.12.5 Atlassian / Jira Software		Data Center and Server <9.12.5
Atlassian Jira Software Data Center <9.14.0 Atlassian / Jira Software		Data Center <9.14.0

CVE-2023-34453

Affected products

Known affected 5 products

Product	Identifier	Version	Remediation
Atlassian Jira Software Data Center and Server <9.4.18 Atlassian / Jira Software		Data Center and Server <9.4.18
Atlassian Jira Software Data Center and Server <9.14.1 Atlassian / Jira Software		Data Center and Server <9.14.1
Atlassian Jira Software Data Center and Server <9.13.1 Atlassian / Jira Software		Data Center and Server <9.13.1
Atlassian Jira Software Data Center and Server <9.12.5 Atlassian / Jira Software		Data Center and Server <9.12.5
Atlassian Jira Software Data Center <9.14.0 Atlassian / Jira Software		Data Center <9.14.0

CVE-2023-34454

Affected products

Known affected 5 products

Product	Identifier	Version	Remediation
Atlassian Jira Software Data Center and Server <9.4.18 Atlassian / Jira Software		Data Center and Server <9.4.18
Atlassian Jira Software Data Center and Server <9.14.1 Atlassian / Jira Software		Data Center and Server <9.14.1
Atlassian Jira Software Data Center and Server <9.13.1 Atlassian / Jira Software		Data Center and Server <9.13.1
Atlassian Jira Software Data Center and Server <9.12.5 Atlassian / Jira Software		Data Center and Server <9.12.5
Atlassian Jira Software Data Center <9.14.0 Atlassian / Jira Software		Data Center <9.14.0

CVE-2023-34455

Affected products

Known affected 5 products

Product	Identifier	Version	Remediation
Atlassian Jira Software Data Center and Server <9.4.18 Atlassian / Jira Software		Data Center and Server <9.4.18
Atlassian Jira Software Data Center and Server <9.14.1 Atlassian / Jira Software		Data Center and Server <9.14.1
Atlassian Jira Software Data Center and Server <9.13.1 Atlassian / Jira Software		Data Center and Server <9.13.1
Atlassian Jira Software Data Center and Server <9.12.5 Atlassian / Jira Software		Data Center and Server <9.12.5
Atlassian Jira Software Data Center <9.14.0 Atlassian / Jira Software		Data Center <9.14.0

CVE-2023-39410

Affected products

Known affected 5 products

Product	Identifier	Version	Remediation
Atlassian Jira Software Data Center and Server <9.4.18 Atlassian / Jira Software		Data Center and Server <9.4.18
Atlassian Jira Software Data Center and Server <9.14.1 Atlassian / Jira Software		Data Center and Server <9.14.1
Atlassian Jira Software Data Center and Server <9.13.1 Atlassian / Jira Software		Data Center and Server <9.13.1
Atlassian Jira Software Data Center and Server <9.12.5 Atlassian / Jira Software		Data Center and Server <9.12.5
Atlassian Jira Software Data Center <9.14.0 Atlassian / Jira Software		Data Center <9.14.0

CVE-2023-43642

Affected products

Known affected 5 products

Product	Identifier	Version	Remediation
Atlassian Jira Software Data Center and Server <9.4.18 Atlassian / Jira Software		Data Center and Server <9.4.18
Atlassian Jira Software Data Center and Server <9.14.1 Atlassian / Jira Software		Data Center and Server <9.14.1
Atlassian Jira Software Data Center and Server <9.13.1 Atlassian / Jira Software		Data Center and Server <9.13.1
Atlassian Jira Software Data Center and Server <9.12.5 Atlassian / Jira Software		Data Center and Server <9.12.5
Atlassian Jira Software Data Center <9.14.0 Atlassian / Jira Software		Data Center <9.14.0

CVE-2023-5072

Affected products

Known affected 5 products

Product	Identifier	Version	Remediation
Atlassian Jira Software Data Center and Server <9.4.18 Atlassian / Jira Software		Data Center and Server <9.4.18
Atlassian Jira Software Data Center and Server <9.14.1 Atlassian / Jira Software		Data Center and Server <9.14.1
Atlassian Jira Software Data Center and Server <9.13.1 Atlassian / Jira Software		Data Center and Server <9.13.1
Atlassian Jira Software Data Center and Server <9.12.5 Atlassian / Jira Software		Data Center and Server <9.12.5
Atlassian Jira Software Data Center <9.14.0 Atlassian / Jira Software		Data Center <9.14.0

References

3 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://confluence.atlassian.com/security/securit…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Jira ist eine Webanwendung zur Softwareentwicklung.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in der Atlassian Jira Software ausnutzen, um beliebigen Code auszuf\u00fchren oder einen Denial-of-Service-Zustand zu verursachen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- MacOS X\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0671 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0671.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0671 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0671"
      },
      {
        "category": "external",
        "summary": "Atlassian Security Advisory vom 2024-03-19",
        "url": "https://confluence.atlassian.com/security/security-bulletin-march-19-2024-1369444862.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Atlassian Jira Software: Mehrere Schwachstellen erm\u00f6glichen Codeausf\u00fchrung und DoS",
    "tracking": {
      "current_release_date": "2024-11-24T23:00:00.000+00:00",
      "generator": {
        "date": "2024-11-25T09:15:33.636+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.8"
        }
      },
      "id": "WID-SEC-W-2024-0671",
      "initial_release_date": "2024-03-19T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-03-19T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-03-20T23:00:00.000+00:00",
          "number": "2",
          "summary": "CVSS korrigiert"
        },
        {
          "date": "2024-11-24T23:00:00.000+00:00",
          "number": "3",
          "summary": "Produktzuordnung \u00fcberpr\u00fcft"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Data Center and Server \u003c9.14.1",
                "product": {
                  "name": "Atlassian Jira Software Data Center and Server \u003c9.14.1",
                  "product_id": "T033559"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center and Server 9.14.1",
                "product": {
                  "name": "Atlassian Jira Software Data Center and Server 9.14.1",
                  "product_id": "T033559-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:jira_software:data_center_and_server__9.14.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Data Center \u003c9.14.0",
                "product": {
                  "name": "Atlassian Jira Software Data Center \u003c9.14.0",
                  "product_id": "T033561"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center 9.14.0",
                "product": {
                  "name": "Atlassian Jira Software Data Center 9.14.0",
                  "product_id": "T033561-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:jira_software:data_center__9.14.0"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Data Center and Server \u003c9.13.1",
                "product": {
                  "name": "Atlassian Jira Software Data Center and Server \u003c9.13.1",
                  "product_id": "T033563"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center and Server 9.13.1",
                "product": {
                  "name": "Atlassian Jira Software Data Center and Server 9.13.1",
                  "product_id": "T033563-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:jira_software:data_center_and_server__9.13.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Data Center and Server \u003c9.12.5",
                "product": {
                  "name": "Atlassian Jira Software Data Center and Server \u003c9.12.5",
                  "product_id": "T033564"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center and Server 9.12.5",
                "product": {
                  "name": "Atlassian Jira Software Data Center and Server 9.12.5",
                  "product_id": "T033564-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:jira_software:data_center_and_server__9.12.5"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Data Center and Server \u003c9.4.18",
                "product": {
                  "name": "Atlassian Jira Software Data Center and Server \u003c9.4.18",
                  "product_id": "T033566"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center and Server 9.4.18",
                "product": {
                  "name": "Atlassian Jira Software Data Center and Server 9.4.18",
                  "product_id": "T033566-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:jira_software:data_center_and_server__9.4.18"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Jira Software"
          }
        ],
        "category": "vendor",
        "name": "Atlassian"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-24839",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren oder einen Denial-of-Service-Zustand zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033566",
          "T033559",
          "T033563",
          "T033564",
          "T033561"
        ]
      },
      "release_date": "2024-03-19T23:00:00.000+00:00",
      "title": "CVE-2022-24839"
    },
    {
      "cve": "CVE-2022-28366",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren oder einen Denial-of-Service-Zustand zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033566",
          "T033559",
          "T033563",
          "T033564",
          "T033561"
        ]
      },
      "release_date": "2024-03-19T23:00:00.000+00:00",
      "title": "CVE-2022-28366"
    },
    {
      "cve": "CVE-2022-29546",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren oder einen Denial-of-Service-Zustand zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033566",
          "T033559",
          "T033563",
          "T033564",
          "T033561"
        ]
      },
      "release_date": "2024-03-19T23:00:00.000+00:00",
      "title": "CVE-2022-29546"
    },
    {
      "cve": "CVE-2022-3171",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren oder einen Denial-of-Service-Zustand zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033566",
          "T033559",
          "T033563",
          "T033564",
          "T033561"
        ]
      },
      "release_date": "2024-03-19T23:00:00.000+00:00",
      "title": "CVE-2022-3171"
    },
    {
      "cve": "CVE-2022-34169",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren oder einen Denial-of-Service-Zustand zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033566",
          "T033559",
          "T033563",
          "T033564",
          "T033561"
        ]
      },
      "release_date": "2024-03-19T23:00:00.000+00:00",
      "title": "CVE-2022-34169"
    },
    {
      "cve": "CVE-2022-3509",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren oder einen Denial-of-Service-Zustand zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033566",
          "T033559",
          "T033563",
          "T033564",
          "T033561"
        ]
      },
      "release_date": "2024-03-19T23:00:00.000+00:00",
      "title": "CVE-2022-3509"
    },
    {
      "cve": "CVE-2022-40146",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren oder einen Denial-of-Service-Zustand zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033566",
          "T033559",
          "T033563",
          "T033564",
          "T033561"
        ]
      },
      "release_date": "2024-03-19T23:00:00.000+00:00",
      "title": "CVE-2022-40146"
    },
    {
      "cve": "CVE-2022-40149",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren oder einen Denial-of-Service-Zustand zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033566",
          "T033559",
          "T033563",
          "T033564",
          "T033561"
        ]
      },
      "release_date": "2024-03-19T23:00:00.000+00:00",
      "title": "CVE-2022-40149"
    },
    {
      "cve": "CVE-2022-40150",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren oder einen Denial-of-Service-Zustand zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033566",
          "T033559",
          "T033563",
          "T033564",
          "T033561"
        ]
      },
      "release_date": "2024-03-19T23:00:00.000+00:00",
      "title": "CVE-2022-40150"
    },
    {
      "cve": "CVE-2022-41704",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren oder einen Denial-of-Service-Zustand zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033566",
          "T033559",
          "T033563",
          "T033564",
          "T033561"
        ]
      },
      "release_date": "2024-03-19T23:00:00.000+00:00",
      "title": "CVE-2022-41704"
    },
    {
      "cve": "CVE-2022-42890",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren oder einen Denial-of-Service-Zustand zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033566",
          "T033559",
          "T033563",
          "T033564",
          "T033561"
        ]
      },
      "release_date": "2024-03-19T23:00:00.000+00:00",
      "title": "CVE-2022-42890"
    },
    {
      "cve": "CVE-2022-45685",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren oder einen Denial-of-Service-Zustand zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033566",
          "T033559",
          "T033563",
          "T033564",
          "T033561"
        ]
      },
      "release_date": "2024-03-19T23:00:00.000+00:00",
      "title": "CVE-2022-45685"
    },
    {
      "cve": "CVE-2022-45688",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren oder einen Denial-of-Service-Zustand zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033566",
          "T033559",
          "T033563",
          "T033564",
          "T033561"
        ]
      },
      "release_date": "2024-03-19T23:00:00.000+00:00",
      "title": "CVE-2022-45688"
    },
    {
      "cve": "CVE-2023-1436",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren oder einen Denial-of-Service-Zustand zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033566",
          "T033559",
          "T033563",
          "T033564",
          "T033561"
        ]
      },
      "release_date": "2024-03-19T23:00:00.000+00:00",
      "title": "CVE-2023-1436"
    },
    {
      "cve": "CVE-2023-34453",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren oder einen Denial-of-Service-Zustand zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033566",
          "T033559",
          "T033563",
          "T033564",
          "T033561"
        ]
      },
      "release_date": "2024-03-19T23:00:00.000+00:00",
      "title": "CVE-2023-34453"
    },
    {
      "cve": "CVE-2023-34454",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren oder einen Denial-of-Service-Zustand zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033566",
          "T033559",
          "T033563",
          "T033564",
          "T033561"
        ]
      },
      "release_date": "2024-03-19T23:00:00.000+00:00",
      "title": "CVE-2023-34454"
    },
    {
      "cve": "CVE-2023-34455",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren oder einen Denial-of-Service-Zustand zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033566",
          "T033559",
          "T033563",
          "T033564",
          "T033561"
        ]
      },
      "release_date": "2024-03-19T23:00:00.000+00:00",
      "title": "CVE-2023-34455"
    },
    {
      "cve": "CVE-2023-39410",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren oder einen Denial-of-Service-Zustand zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033566",
          "T033559",
          "T033563",
          "T033564",
          "T033561"
        ]
      },
      "release_date": "2024-03-19T23:00:00.000+00:00",
      "title": "CVE-2023-39410"
    },
    {
      "cve": "CVE-2023-43642",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren oder einen Denial-of-Service-Zustand zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033566",
          "T033559",
          "T033563",
          "T033564",
          "T033561"
        ]
      },
      "release_date": "2024-03-19T23:00:00.000+00:00",
      "title": "CVE-2023-43642"
    },
    {
      "cve": "CVE-2023-5072",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren oder einen Denial-of-Service-Zustand zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033566",
          "T033559",
          "T033563",
          "T033564",
          "T033561"
        ]
      },
      "release_date": "2024-03-19T23:00:00.000+00:00",
      "title": "CVE-2023-5072"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-41704 (GCVE-0-2022-41704)

SUSE-SU-2024:0777-1

SUSE-SU-2024:0808-1

WID-SEC-W-2023-0809

WID-SEC-W-2023-1142

WID-SEC-W-2023-2993

WID-SEC-W-2024-0671

Tags

Sightings

Nomenclature